Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short) it is essentially an arm core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.

Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.

Samba, the open source implementation of the Windows CIFS file sharing protocol found on Linux and many home NAS-systems, now has its own version of a "WannaCry" grade bug ready to cause users grief. Like WannaCry, Sambas bug enables remote code execution and is totally wormable. Unlike WannaCry however, it does require write access to the SMB share, limiting it's effect unless you run an unauthenticated share on the internet.

So why is this newsworthy at all? It is of course newsworthy in its own right because of bad security practices that run rampant in our industry, I would argue, but that's not really why I posted this, I will confess. Yes, I'm trying to make a point again with that blunt instrument we call "editorial." I do apologize for the inconvenience (not really).

Only yesterday, the United States' House of Representatives carried the US Senate's joint resolution to eliminate broadband privacy rules. These rules, which are now seemingly on their way to political oblivion, would have required ISPs to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies. Much like last week's Senate joint resolution, the House's voting fell mainly along partisan lines (215 for, 205 against, with 15 Republican and 190 Democratic representatives voting against the repeal) to scrap the proposed FCC rules.

President Trump's desk (and the President himself) are now all that stand before the ISP's ability to collect geo-location data, financial and health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications - information that gives the most unthinkable leeway in understanding your daily habits. However, President Trump's administration have issued a statement whereas they "strongly support House passage of S.J.Res. 34, which would nullify the Federal Communications Commission's final rule titled "Protecting the Privacy of Customers of Broadband and Other Telecommunication Services".

The US Senate on Thursday passed a joint resolution to eliminate broadband privacy rules that would have required ISPs to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies. This win was pulled by a hair - 48 Nay against 50 Yea - and went entirely through party lines, with Republicans voting Yea, and the Democrats voting Nay. The effects won't be immediate, mind you - the measure will have to pass the House and then be signed by President Donald Trump before it can become law.

Thanks to AMD's incorporation of an ARM-based "AMD Secure Processor" in their upcoming ZEN micro-architecture, the company is poised to offer something competitor Intel's microprocessors yet don't: memory encryption. This processor, and its underlying technologies, could prove to be a stepping-stone for AMD towards regaining lost server market share. Essentially, because in a market ever more steered by cloud computing considerations, it allows for the client's data to be encrypted at every moment of the work chain. Assuming all works as intended, for the first time not even cloud providers, with either hypervisor-level privileges or even physical access to the servers, will be able to carry out any malicious actions against their clients.

One only has to consider the writing on the wall: Morgan Stanley predicts that by 2018, 30% of Microsoft's revenue will stem from its cloud services; Amazon Web Services (AWS) generated $7.88B in revenue on Q4 2015, up 69% over 2014; and worldwide spending on public cloud services by itself will grow from $70B in 2015 to an estimated $141B in 2019. Cloud computing is here to stay, and with security being as important as it is for some businesses, this is an important area of investment for AMD. This "AMD Secure Processor" will work on essentially two fronts: SME (Secure Memory Encryption) and SEV (Secure Encrypted Virtualization), backed by an hardware-based SHA (Secure Hash Algorithm).

With only a few more days until this month's Patch Tuesday Micrsosoft took to the web to announce that it plans to roll out no less than nine updates - two rated 'Critical' and seven rated 'Important'. The upcoming patches address vulnerabilities found in Windows, Office, Microsoft Server Software, SQL Server, .NET, and Internet Explorer.

The August updates are scheduled to be made available this Tuesday, August 12, at 10 AM PDT. For more info check out the advance notification published here.

Microsoft Corp. has just announced its plans for this month's Patch Tuesday and they include the release of six updates - two rated 'Critical', three rated 'Important' and one rated 'Moderate'. The upcoming updates target vulnerabilities found in Windows operating systems, in Internet Explorer and in Microsoft Server Software.

The six patches will be made available this coming Tuesday, July 8, 2014, at about 10:00 am PDT. The bulletin advance notification for this month's releases can be found here.

Eurocom is providing a complete line of 15.6" to 17.3" high performance, fully upgradeable Mobile Workstations equipped with NVIDIA Quadro K5100M to K1100M graphics and Trusted Platform Modules to secure the systems and their intellectual property from unauthorized access.

At Eurocom we take security very seriously, implanting several systems with three security layers, one being the Kensington Lock Slot which prevents physical theft of the computer system, one being the TPM module to protect certificate private keys and the other being the biometric finger print reader to lock down access to the computer to only authorized individuals.

The first Patch Tuesday of Summer '14 is coming up and it will see Microsoft release seven updates - two bearing a 'Critical' rating and five rated 'Important'. The incoming patches target vulnerabilities found in Windows (Vista, 7, 8/8.1, Server 2003, Server 2008 and Server 2012), Internet Explorer (6 to 11), Office (2007, 2010) and Lync (2010, 2013).

Microsoft's software updates will be made available Tuesday, June 10th at about 10:00 AM PDT. The Advance Notification for this month's patches can be found here.

The world-leading industrial SSD manufacturer, Apacer,presents a mass of SSD data security protection technologies at COMPUTEX TAIPEI 2014, which upgrades SSD value-added technology - once again. To achieve comprehensive secure data storage, Apacer drives the evolution of the original CoreSecurity technology and launches Boot Protect security function with strengthened protection management, which can be activated immediately by the UrKey, a USB-based 2 way dongle for data protection.

Furthermore, the seamless wide-temp waterproof industrial SSDs, groundbreaking MLC-mix technology enabling combination with MLC chips and PCIe Adapters will all be unveiled at this exhibition, innovating SSD applications.

This month's Patch Tuesday (the last one for Windows XP and Office 2003) will see Microsoft roll out four fresh security updates, two rated Critical and two rated Important, targeting remote code execution vulnerabilities found in Windows, Office and Internet Explorer. One of the updates is set to resolve a Word bug that was made public last week (on March 24th) and is known to have been exploited in 'limited, targeted attacks directed at Microsoft Word 2010'.

The April patches will be made available next week on April 8th, at about 10:00 a.m. PDT. For a bit more info check out the Advance Notification published here.

This coming Tuesday Redmond-based Microsoft Corp. is planning to make available five fresh security updates - two with a 'Critical' rating and three tagged 'Important'. The incoming parches are set to address bugs found in Windows, Internet Explorer and Silverlight.

One of the Critical updates will fix an Internet Explorer issue that has already been acknowledged and was exploited in a 'limited number of attacks'. Additional information about Tuesday's releases can be found in the Security Bulletin Advance Notification published here.

The first Patch Tuesday of 2014 is less than a week away and it will see Microsoft deliver four updates, all rated 'Important', that tackle vulnerabilities found in Windows, Office, and Dynamics AX.

One of the updates is set to resolve a previously-acknowledged elevation of privilege vulnerability that affects Windows XP and Windows Server 2003 and has already seen limited, targeted attacks. The patches will become available this coming Tuesday, January 14, at about 10:00 AM PST.

For a bit more info check out the Advance Notification found here.

Samsung Electronics America, Inc. today announced a new advanced security solution for the 840 EVO SSD, Samsung's SSD Self-Encrypting Drive (SED), compatible with professional security software.

The new data security enhancements are now shipping on the recently announced Samsung 840 EVO mSATA drive and can be enabled through a firmware update for the 840 EVO SSD SATA drive, launched last August. The new features are designed to meet security requirements for enterprise applications and are compliant with TCG Opal and IEEE 1667 standards.

The last Patch Tuesday of 2013 is closing in fast and, as revealed today, it will see Microsoft deliver no less than eleven updates - five rated 'Critical' and six rated 'Important'. The upcoming patches target vulnerabilities found in Windows, Office, Internet Explorer, SharePoint Server, Exchange, Lync, and Developer Tools. One of the critical updates addresses the Microsoft Graphics Component bug acknowledged last month.

The December 2013 MS patches will be rolled out on December 10, at about 10:00 a.m. PST. For a bit more info check out the Microsoft Security Bulletin Advance Notification available here.

QNAP Security today launched the newest Linux-based VioStor NVR VS-2100L series. The 2-bay VS-2100L series, available in a tower form factor with 4 and 8 channels, is designed micro-size with macro-functions for the home and small office users. Compact but fully loaded with advanced features, the VS-2100L series supports smart recording, multi-stream support, edge recoding, dewarping function, and more.

The VS-2100L series supports up to 8TB to accommodate high quality H.264, MPEG-4, M-JPEG, and MxPEG video recording. "The VS-2100L series provides many advanced features parallel to those available in superior models at a low total cost of ownership," said Amily Fang, product manager of QNAP Security. "We aim to offer a cost-efficient surveillance solution for home surveillance needs such as childcare, elder care, and home security."

Kingston Digital, Inc., the Flash memory affiliate of Kingston Technology Company, Inc., the independent world leader in memory products, today announced the release of the DataTraveler Vault Privacy 3.0 (DTVP) secure USB Flash drive, as well as the DataTraveler Vault Privacy 3.0 Anti-Virus, which helps enterprises safeguard business data and set security policies for end-users at an affordable price point. DTVP 3.0 provides 100-percent hardware-based encryption of confidential information and is also available separately with ClevX DriveSecurity powered by ESET anti-virus protection. The anti-virus engine utilizes ESET's NOD 32 proactive award-winning technology, which protects corporate end-users wherever they work or plug in.

As the workforce becomes more mobile, businesses must take the appropriate steps to educate their employees and establish security policies so sensitive data cannot be accessed by unauthorized users or cybercriminals. Kingston's DataTraveler Vault Privacy 3.0 USB Flash drive provides affordable business-grade security with 256-bit AES hardware-based encryption using XTS block cipher mode, which offers stronger protection than CBC and ECB modes. It is the first-to-market hardware-encrypted secure USB Flash drive with USB 3.0 performance.

The 13.3" EUROCOM M3 is now available with a Trusted Platform Module 1.2 for added security from external software attacks and physical theft.

The M3 is a small form factor, high performance notebook designed for both professional and gaming use, it is the highest performing 13.3" notebook currently available on the market that is perfect for users that require a highly capable system that can easily fit in carry-on luggage a backpack or purse.

QNAP Security today launched new business-class 4-bay, 1U rackmount VioStor NVR VS-4100U-RP Pro+ series, available in 8, 12 and 16 channels featuring high reliability. Powered by Dual-core Intel processor and 4GB DDR3 memory, the new series deliver quality performance with up to 250 Mbps throughput to ensure steady recording of multiple megapixel IP cameras. Moreover, the HDMI output and hardware decoder provide the ability to deliver up to 200fps Full HD local display.

The VS-4100U-RP Pro+ series support up to 16TB raw storage capacity to accommodate high quality H.264, MPEG-4, M-JPEG, and MxPEG video recording. "The VS-4100U-RP Pro+ series satisfy the requirements of SMB users who desire high performance network video recorders coupled with excellent reliability and features," said Amily Fang, product manager of QNAP Security. "The VS-4100U-RP Pro+ series delivers quality performance coupled with abundant features for small to medium-scale surveillance tasks."

Buffalo Inc. has today announced the RUF3-PV Series Flash Drives which offer enhanced data and virus protection through the use of built-in password protection and anti-malware software (namely Trend Micro USB Security 2.0). Coming in black and red, these new drives measure 65 x 23 x 9 mm, they have a retractable connector, USB 3.0 support, and deliver read speeds of up to 70 MB/s.

The RUF3-PV line includes 8 GB, 16 GB and 32 GB models and is set to hit stores in mid-September.

McAfee today announced the execution of a definitive agreement to initiate a conditional tender offer for the acquisition of Stonesoft Oyj, a leading innovator in next-generation network firewall products, for an aggregate equity value of approximately $389 million in cash.

Stonesoft delivers software-based, dynamic, customer-driven, cyber security solutions to secure information flow and simplify security management. Stonesoft's product portfolio of next-generation firewalls, evasion prevention systems, and SSL VPN solutions addresses businesses of all sizes. Through the pending acquisition of Stonesoft, McAfee expects to extend its leadership position in network security.

McAfee and Intel today announced their commitment to lead in delivering innovative security solutions aimed at protecting a consumer's entire digital life, reflecting the broad adoption and usage of personal devices. Together with Intel, McAfee is redefining the consumer security experience with a focus on safeguarding consumer devices, securing personal data and protecting identities online. This user-centric approach will deliver a comprehensive and valuable service offering that helps meet the evolving needs of consumers as they enjoy their digital lives, anywhere, from any device. The first of these personalized security offerings from McAfee is available in beta to partners, with a consumer version of the product available mid-year 2013.

The explosion in connected devices and the availability of online content and services has consumers spending more of their lives online. Always-connected consumers who are shopping, banking, and sharing information online have an unprecedented amount of their personal and financial information at risk to increasingly sophisticated attacks and scams. Because of these new usages and the resulting distribution of personal information, a more comprehensive approach to security is required to protect consumers.

Elitegroup Computer Systems (ECS) today reveals a full product line of Thin Mini-ITX motherboards, in three segments where low power consumption and a small footprint are desirable: enterprise, multimedia and consumer - to fulfill the different demands for AIO (All-in-one) and SFF (small form factor) applications.


Enterprise/Corporate Solutions: Q77H2-TI & B75H2-TI
For corporate and industrial use, the all solid capacitor ECS Q77H2-TI & B75H2-TI motherboards are based on the Intel 7-Series Chipset, which support 3rd generation Intel Core i7, Intel Core i5 and other Intel processors. Both of these platforms feature 2 x Mini PCIe x1 expansion slot, SATA 3.0/2.0/mSATA, 4x USB 3.0, 5x USB 2.0 along with support for digital signage.

Kaspersky Lab's CEO and co-founder, Eugene Kaspersky, has been voted Technology Hero of the Year in the third annual V3 technology awards. This is considered a massive achievement due to the award being presented to no other than the late Apple CEO, Steve Jobs in 2011.
Voted for by V3 readers, this prestigious award recognises Eugene's huge impact on the security industry over the past 15 years since Kaspersky Lab was founded. From Flame to Madi, inspiring leader Eugene has been at the fore-front of all of the company's ground-breaking malware discoveries and offered his expert advice to businesses and consumers alike.

"Our malware discoveries are dedicated to making the online world a safer place, so it's great to see the appreciation by winning this award", explains Eugene Kaspersky. "Being recognised as Technology Hero of the Year is an amazing achievement for not just myself, but Kaspersky Lab as a company due to the time and commitment spent on fighting cybercrime both before it occurs and during."

Today, leading technology companies announced the creation of the Cyber Security Research Alliance (CSRA). The CSRA is a private, non-profit research consortium formed in response to the growing need for increased public-private collaboration to address complex problems in cyber security. The founding members of the CSRI are Advanced Micro Devices (AMD), Honeywell, Intel Corporation, Lockheed Martin, and RSA/EMC.

President Obama has prioritized cyber threats as one of the most serious economic and national security challenges we face as a nation and a dependency to America's economic prosperity in the 21st century.