Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

A screen capture of the AMDflaws.com website. Joe Uchill / Axios

An upstart cybersecurity research group and trading firm claimed Tuesday that security flaws in AMD computer processors "could potentially put lives at risk." But many in the security community say the widely covered report was dangerously overhyped in an attempt to drive down AMD's stock price.

Why it matters: CTS-Labs and Viceroy Research ultimately did not move the market — AMD finished up for the day. But the media bought into the chaos, at least a little, which could have disastrous effects to security-concerned owners of AMD products.

The intrigue: CTS posted a slick website devoted to the AMD flaws they discovered, complete with video interviews and charts and images ready for the media to use — a marketing effort that started at least three weeks ago when the "amdflaws.com" web domain was registered. Yet they only gave AMD 24 hours to patch the issues before going public.

  • The industry standard is to give at least 90 days for a company to demonstrate it is working on a patch before going public.

What they're saying: Viceroy Research claims the vulnerabilities should be enough to bankrupt AMD. In its report, it wrote "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries."

  • In its own report, CTS ends with a disclaimer acknowledging it may be betting against AMD's stock price. "[W]e may have, directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports."

What independent researchers are saying: Many researchers note that the white paper released by CTS provides no technical detail, making it impossible to evaluate the claims. But the suite of four potential attacks described by CTS are, at a minimum, already covered by one layer of computer security. All of them essentially require the computer to have already been hacked before they can be used to inflict more damage. In short, it can make bad worse, but not create the bad.

  • "It feels like they may have some valid security research and they’ve come up with a case study how not to disclose it," said researcher Kevin Beaumont. "It feels like a press exploit on top of vulnerability research."
  • Rapid7 Research Director Tod Beardsley emailed that one of the vulnerabilities appears to simply be that the user might intentionally install malware onto a component known as the BIOS. "In the end, an 'unauthorized BIOS update' is, itself, an attack that is usually mitigated by normal operating system, firmware, and physical controls," he wrote via email.
  • Even the outside expert used by CTL-Labs — Dan Guido, CEO of Trail of Bits —
    was skeptical about the marketing push behind the flaws, tweeting "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works."

Go deeper

44 mins ago - Politics & Policy

Biden's latest executive order: Buy American

President Joe R. Biden speaks about the economy before signing executive orders in the State Dining Room at the White House on Friday, Jan 22, 2021 in Washington, DC. (Photo by Jabin Botsford/The Washington Post via Getty Images)

President Joe Biden will continue his flurry of executive orders on Monday, signing a new directive to require the federal government to “buy American” for products and services.

Why it matters: The executive action is yet another attempt by Biden to accomplish goals administratively without waiting for the backing of Congress. The new order echoes Biden's $400 billion campaign pledge to increase government purchases of American goods.

Tech digs in for long domestic terror fight

Illustration: Sarah Grillo/Axios

With domestic extremist networks scrambling to regroup online, experts fear the next attack could come from a radicalized individual — much harder than coordinated mass events for law enforcement and platforms to detect or deter.

The big picture: Companies like Facebook and Twitter stepped up enforcement and their conversations with law enforcement ahead of Inauguration Day. But they'll be tested as the threat rises that impatient lone-wolf attackers will lash out.

The pandemic could be worsening childhood obesity

Illustration: Aïda Amer/Axios

The 10-month long school closures and the coronavirus pandemic are expected to have a big impact on childhood obesity rates.

Why it matters: About one in five children are obese in the U.S. — an all-time high — with worsening obesity rates across income and racial and ethnic groups, data from the National Health and Nutrition Examination Survey show.