Cyber Security Headlines – October 14, 2021

Windows 11 Patch Tuesday causes AMD performance issues

Last week, Microsoft and AMD confirmed Windows 11 may cause increased L3 cache latency on Ryzen processors, resulting in 3-5% worse performance on most applications, but up to 15% on games. The OS also causes issues with AMD’s “preferred core” technology, resulting in a performance hit for CPU-reliant tasks on CPUs with more than 8 cores. Both companies are expected to release patches by the end of October to resolve the issue. But if you need more reasons to hold off upgrading your AMD system, TechPowerUp noted that the October 12th Patch Tuesday update to Windows 11 introduced further performance issues, increasing L3 cache latency on a Ryzen 7 2700X from 17 nanoseconds to 31.9 nanoseconds. For reference, L3 cache latency in Windows 10 was 10 nanoseconds.

(The Verge)

Student used zero-day for school prank

On April 30th this year, Illinois teenager Minh Duong and a group of friends were able to control all networked displays inside Indian Township High School District 214, playing Rick Astley’s memtastic “Never Gonna Give You Up” during a recess period. Minh published a step-by-step guide on how he did this, which started by analyzing log files for the security cameras in the school dating back to 2017. He eventually discovered two novel privilege escalation vulnerabilities in Exterity IPTV products that allowed him to gain access. Minh contacted the company to report them, but never heard back, and said they were still present in late 2020 updates to its software. He also filed a full report on how the attack was done with the school’s IT staff.

(The Record)

US leaves China and Russia off the anti-ransomware invite list

The US announced the “Counter-Ransomware Initiative” this week, a virtual meeting of 30 countries around the world meant to strengthen cooperation between law enforcement and establish diplomatic ties for a more coordinated ransomware response. Russia and China were notably not invited to participate. According to a senior administration official, Russia was not invited for a “host of reasons,” but said they could be invited to future sessions. Officials indicated there will be concrete takeaways from this initial meeting, but did not provide specifics. 

(The Record)

WSL comes to the Windows Store

Microsoft posted a preview version of the Windows Subsystem for Linux to the Microsoft Store. This will allow users to download and update WSL independently of other Windows updates, meaning faster security and feature updates. Microsoft said these updates will allow “GUI app support, GPU compute, and Linux file system drive mounting” to be added to WSL in the future. WSL improvements seem to be a focus for Windows 11, which now has an easier install process, and adds support for both graphics and audio in apps.

(Ars Technica)

Thanks to our episode sponsor, Bitsight

Did you know that organizations with poor patching practices are 8 times more likely to experience a ransomware incident? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

Amazon ran campaign to create and promote knockoffs in India

According to documents reviewed by Reuters, Amazon’s team in India used internal data to copy products sold by third parties on its platform. The team also reportedly promoted these products in search, with a 2016 document stating the product would appear “in the first 2 or three … search results.” In some instances Amazon copied the exact specifications of clothing items; in others it used information about customer returns to inform its copies. This so-called Solimo strategy has seen international reach, with products created under its aegis now appearing on the main Amazon.com site.

(Reuters)

Microsoft and Nvidia reveal massive language model

The two companies created the Megatron-Turing Natural Language Generation model or MT-NLP which they call the “most powerful monolithic transformer language model trained to date.” The companies say it is unmatched in its reading comprehension, commonsense reasoning and natural language inferences. The system should make it faster and less expensive to train language models. The MT-NLP runs on 280 A100 GPUs, has 105 layers and 530 billion parameters. Both companies pledge to continually research how to reduce bias within the dataset that feeds MT-NLP, and any uses for the model must agree to work to minimize and mitigate any harms created to users.

(VentureBeat)

Instagram testing service outage notifications 

Instagram is testing in-app notifications for service outages, alerting users to “temporary issues” like outages or specific features like Story uploads not currently functioning. Instagram says it won’t send alerts for any service interruption, only ones that may be a source of confusion. The feature will be tested in the United States for the next few months. Instagram also showed a new “Account Status” section within the app, allowing users to see notifications about why any posts were removed and when an account “is at risk of being disabled” due to violations. This comes after a large-scale outage took down all Facebook apps and services for roughly 6 hours earlier this month.

(Engadget)

Facebook updates bullying and harassment policies

Under the new policy, Facebook will take down mass coordinated harassment campaigns targeted at users with a heightened risk of offline harm, even if this content wouldn’t otherwise violate its policies. This extends to direct messages, comments and posts, and will apply to state-linked networks that work together to silence and harass people. The company will also remove profiles, pages and groups dedicated to sexualizing public figures, as well as focus additional protections for individuals who become famous involuntarily, like journalists and activists. 

(Engadget)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.