ZenHammer Attack Gets Around AMD CPUs’ Rowhammer Defenses
For the first time, ETH Zurich cybersecurity researchers have created a new version of the RowHammer DRAM (dynamic random-access memory) ZenHammer Attack that is effective against AMD Zen 2 and Zen 3 systems even in the face of mitigations like Target Row Refresh (TRR). “This result proves…
0 Comments6 Minutes
Microsoft SharePoint Vulnerability Under Attack by Hackers
The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently flagged a critical security flaw impacting the Microsoft SharePoint Server, escalating it to the Known Exploited Vulnerabilities (KEV) list. This move comes in response to compelling evidence indicating ongoing…
0 Comments4 Minutes
CISA Alerts: Flaws in Fortinet, Ivanti, & Nice Products Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities (KEV) list, highlighting three critical security flaws. This update comes with a warning, as evidence suggests these vulnerabilities are actively being exploited. The following are…
0 Comments4 Minutes
Apple M-Series Chips’ New “GoFetch” Vulnerability Exposes Secret Encryption Keys
The vulnerability, dubbed GoFetch, is related to a microarchitectural side-channel attack that targets constant-time cryptographic implementations and retrieves sensitive data from the CPU cache by utilizing a feature called data memory-dependent prefetcher (DMP). The results were communicated to…
0 Comments7 Minutes
DNS over HTTPS Gives Users a “False Sense of Security”
Businesses that use encrypted DNS over HTTPS services run the risk of creating a false feeling of security and possibly even breaking their own DNS-monitoring systems, according to a warning from the US National Security Agency (NSA). DNS over HTTPS (DoH), which shields DNS traffic between a client…
0 Comments3 Minutes
AI-Powered code scanning autofix Debuts on GitHub
On Wednesday, GitHub made the announcement that it will be making a feature on a code scanning autofix accessible in public beta for all Advanced Security clients. The purpose of this function is to make individualised recommendations in an effort to prevent the introduction of new…
0 Comments5 Minutes
Loop DoS attack has effect on thousands of different systems.
There is a new denial-of-service (Loop DoS attack) vector that has been discovered. This attack vector targets application-layer protocols that are based on User Datagram Protocol (UDP), which puts hundreds of thousands of hosts at risk. Loop denial of service attacks are a method that involves…
0 Comments5 Minutes
Alert: Ravaging AcidPour Malware Strikes Linux x86 Devices
It has been discovered that a new variation of a data-erasing malware, known as AcidPour Malware, has been discovered in the wild. This particular variant is meant to particularly target Linux x86 machines. In a series of posts on X, Juan Andres Guerrero-Saade of SentinelOne stated that the…
0 Comments3 Minutes
ChatGPT Plugins from Third Parties May Cause Account Takeovers
According to cybersecurity researchers, threat actors attempting to obtain unauthorized access to sensitive data may use third-party plugins for OpenAI ChatGPT as a new avenue of attack. New study from Salt Labs suggests that security holes in ChatGPT and its ecosystem could let attackers install…
0 Comments7 Minutes
Fortinet Identifies Severe SQL Injection Vulnerability in FortiClientEMS Software
Fortinet recently issued a warning highlighting a critical vulnerability in its FortiClientEMS software. This vulnerability poses a significant risk, potentially enabling malicious actors to execute code on affected systems, which could lead to data breaches, system downtime, and other severe…
0 Comments4 Minutes