(Image credit: AMD) AMD disclosed that its popular Ryzen Master software utility, which enables CPU monitoring and overclocking capabilities for its lineup of consumer processors, has a new vulnerability, ranked 7.2 (High), that could allow an attacker to assume complete control of the system. AMD has posted a new updated version of Ryzen Master for…
We’ve said it before and we’ll say it again — you should always keep all of your software up to date. There are simply too many cyberattacks to risk leaving vulnerabilities unpatched on any of your devices. We bring this up now because Google released a stable channel update for the Chrome browser this week…
(Image credit: Hertzbleed) Intel and researchers from UT Austin, UIUC, and UW published papers today outlining the ‘Hertzbleed‘ chip vulnerability that allows side-channel attacks that can steal secret AES cryptographic keys by observing the CPU’s boost frequency/power mechanisms. According to external researchers, both Intel and AMD CPUs are impacted, but AMD hasn’t issued an advisory…
(Image credit: Intel) Intel and researchers from UT Austin, UIUC, and UW published papers today outlining the ‘Hertzbleed’ chip vulnerability that allows side-channel attacks that can steal secret AES cryptographic keys by observing the CPU’s boost frequency/power mechanisms. The vulnerability doesn’t impact all cryptographic code, but some mitigation techniques for impacted systems come with as-yet-undefined…
(Image credit: Max Tech/YouTube) MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists unveiled a new attack methodology that exploits a hardware vulnerability in Arm processors, including the Apple M1 series of chips, by using a new PACMAN technique to steal data. The team used an Apple M1 processor as the demo chip for the…
A vulnerability has been discovered in 7-zip, the popular archiving program. This is an active zero-day vulnerability and is characterized as allowing privilege escalation and command execution. In other words, someone with limited access to your computer would be able to gain higher-level control, usually admin access, to run commands or apps. GitHub user Kagancapar…
Five new BIOS security weaknesses have been discovered in the BIOS used by Dell in many of its Alienware, Inspiron and Latitude products. The vulnerabilities, collated by The Hacker News and partly discovered by security firm Binarly, could allow an attacker to execute potentially damaging code. (Image credit: Alienware) Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420,…
VUSec security research group and Intel on Tuesday disclosed a yet another Spectre-class speculative execution vulnerability called branch history injection (BHI). The new exploit affects all of Intel processors released in the recent years, including the latest Alder Lake CPUs, and select Arm cores. By contrast, AMD’s chips are believed to be unaffected. BHI is a proof-of-concept…
AMD has divulged details about a chipset vulnerability that can allow non-privileged users to read and dump some types of memory pages in Windows. This technique allows an attacker to steal passwords or enable other types of attacks, including circumventing standard KASLR exploitation (aka Spectre and Meltdown) mitigations (via TheRecord). Word of the bug came…
Enlarge / This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure. The new vulnerability impacts Linux virtual machines on Azure. They end up with…
