Security Researchers from Positive Technologies have recently revealed information about a buffer overflow they stumbled upon in the firmware update of Intel's management engine 11's which is secret. They stated that the Intel firmware update could be attacked by sophisticated individuals to gain access to ME functionality despite being turned off. This clearly means that sophisticated intruders would be able to play real money slots from the system they attack despite a firmware update being released by the chipmaker. The researchers have also claimed that the firmware update released by the manufacturer may not be significant to permanently resolve the issues.

The Intel management engine which is also known as the Intel ME resides in the controller hub of the platform and is a co-processor which powers the remote administrative features of the company. It has its own operating system which is the Intel Minix 3 that is similar to the Intel UNIX operating system. It has been designed to monitor computers and has access comprehensively to all the data and processes of the primary system.

The researchers stumbled upon four vulnerabilities which affected firmware Intel ME versions 11.0 to 11.20. Two of the vulnerabilities were found in earlier versions of the firmware belonging to Intel ME along with two in server platform services and a couple in the trusted Intel execution engine version 3.0.

A security audit was conducted by Intel after the firmware update warnings were issued by the researchers for identifying and exploring the vulnerabilities of the firmware update which were affecting the Intel ME. Intel issued a statement to its users on November 20 they were responding to issues discovered by external researchers about the firmware update and therefore they had completed a comprehensive security review of the flaws which were identified with the objective of enhancing the resilience of their firmware.

Firmware Intel identified the issues for their management engine, trusted execution engine and Intel server platform services and decided to issue a firmware update to resolve the issues plaguing the ME platform. The researchers, however, believe that the firmware update released by Intel does not prevent an intruder from using other methods for the attack which was also patched by the chipmaker during a recent firmware update.

The chipmaker has not responded positively when questioned about whether they had any plans to modify the way their management engine works or to begin producing chips without the ME. A spokesperson for the company provided a recommendation that requests such as these should be forwarded to the hardware vendors.

The spokesperson for the company issued a statement saying that the management engine is capable of providing important functionality for its users and includes features such as two-factor authentication, enterprise service management and even the option to get heart bingo reviews. They advised system owners with customers requirements to contact equipment manufacturers for the kind of request being put forward to the chipmakers. The company, however, confirmed that it would not support any configuration which would remove the functionality essential in most of their mainstream products apart from providing the firmware update.

The statement issued by the chipmaker certainly comes as a surprise since Intel has been one of the leading firmware manufacturers of such products throughout the world for a number of years. It has also issued a firmware update whenever needed.

It only seems like yesterday that the Galaxy S8 and S8+ was launched, but it has already been nearly a year now it's almost time for the S9 and S9+ to make their entries. Thanks to a render video and multiple rendered images by MySmartPrice, that phase of leaks which precedes every major Samsung smartphone release has now officially started. Check out the videos and images included and visit the source to see even more images.

While one must admit that the S9 does look very similar to the S8 in these renders, there are quite a few changes as well. We have listed the highlight points below for your convenience.

·        No in-screen fingerprint scanning

·        The iris scanner is going to stay

·        The fingerprint scanner stays at the back, but has been moved to the middle, right below the camera, like it should have been on the S8/S8+/Note 8

·        Presence of a dual camera setup, although rumors indicate that only the S9+ will be getting two rear cameras this year

·        They have retained the 3.5mm audio jack like everyone should

·        It's slightly thicker than the S8

Do you like what you see? Will you be upgrading to the S9 or S9+ next year? Let us know it all in the comments.

Saikat Kar (tech-enthusiast)

In spite of previous reports suggesting that Samsung might primarily concentrate on launching its new range of ultra-premium QLED TVs at CES 2018, new reports are suggesting that Samsung will not go to the CES 2018 empty handed in the smartphone department. If you were hoping to see the Galaxy S9-series being launched at the show, you will likely have to wait till the Mobile World Congress 2018 in February, but we may still get a teaser trailer. What may very well happen however is that Samsung might launch the much awaited and rumored Galaxy A8 and A8+ at the Consumer Electronics Show.

Additionally the Galaxy J2 (2018) may or may not make an appearance, but we are pretty much sure that the Notebook 9 (2018) series with its S-Pen compatibility will definitely be showcased. This new Notebook 9 (2018) series of laptops with 8^th Gen Intel processors, 16GB RAM and 1TB HDD was just launched and is Samsung's most powerful laptop till date.

Via: SamMobile

Saikat Kar (tech-enthusiast)

The Galaxy S6 Edge+ is receiving the November security update from AT&T as you read this. Yes, you read that right, the carrier is rolling out last month's patch in the middle of December! Perhaps they would have skipped the November patch altogether in favor of the December patch, had it not been for the multiple critical vulnerabilities that last month's patch addressed, including the KRACK Wi-Fi hack and the BlueBorne hack. Nevertheless, that's no excuse for sending it out so late. The good news is that it brings Mobile Hotspot APN with it.

The update is a large one at more than 400MB, so make sure that you have your S6 Edge+ hooked up to your Wi-Fi first. Post the download and the installation, you should see the present build number as G928AUCU4EQK6. As you probably know already by now, it fixes 61 Android OS bugs and six of Samsung's own software bugs.

Head over to our firmware section to find all the latest available updates for your Samsung smartphones and tablets.

Saikat Kar (tech-enthusiast)

The December patch had been making rounds on a lot of Samsung handsets recently and the latest names are that of the Galaxy S7 and S7 Edge. In the US, only Verizon has managed to roll the update out yet, but more carriers should soon follow, so if you own any of the two devices on Sprint or T-Mobile, you are up next!

Outside America, Germany is so far the only known country to get the December update for the unlocked version from Samsung. However, given the nature of these updates, I wouldn't be surprised if it has already started making rounds in a few other European countries as well. Do let us know in the comments if we are missing anything.

The version released for the carrier-locked S7 by Verizon in US has the build version G930VVRU4BQK4, while the S7 Edge has received G935VVRU4BQK4, if you are wondering. On the other hand, the unlocked variant of the S7 in Germany has been updated with firmware version G930FXXS1DQL1 and the S7 Edge with G935FXXS1DQL1.

Head over to our firmware section to find all the latest available updates for your Samsung smartphones and tablets.

Saikat Kar (tech-enthusiast)