Security
Headlines
HeadlinesLatestCVEs

Tag

#amd

How Confidential Computing Locks Down Data, Regardless of Its State

Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.

DARKReading
Open in Source
#vulnerability#ios#mac#google#microsoft#linux#intel#backdoor#amd#auth#ssl
CVE-2022-23825: AMD: CVE-2022-23825 AMD CPU Branch Type Confusion

**Why is this AMD CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: * AMD-SB-1037

CVE-2022-23816: AMD: CVE-2022-23816 AMD CPU Branch Type Confusion

**Why is this AMD CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: * AMD-SB-1037

RansomHouse claims to have stolen at least 450GB of AMD’s data

Extortion group RansomHouse has revealed its latest victim: semiconductor giant AMD. The company was breached due to weak passwords. The post RansomHouse claims to have stolen at least 450GB of AMD’s data appeared first on Malwarebytes Labs.

RansomHouse Claims Stealing 450GB of Data from Semiconductor Giant AMD

By Waqas RansomHouse first appeared in cyberspace in December 2021. So far, the gang has claimed six victims, including Gaming… This is a post from HackRead.com Read the original post: RansomHouse Claims Stealing 450GB of Data from Semiconductor Giant AMD

OpenSSH to Release Security Patch for Remote Memory Corruption Vulnerability

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. <!--adsense--> Security

CVE-2022-22967: Salt Project Package Repo

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.

An Alleged Russian Spy Was Busted Trying to Intern at The Hague

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news.

Hertzbleed exposes computers’ secret whispers

Hertzbleed is a new side-channel attack that can recover sensitive information from a targeted system by applying CPU timing. The post Hertzbleed exposes computers’ secret whispers appeared first on Malwarebytes Labs.

'Hertzbleed' Side-Channel Attack Threatens Cryptographic Keys for Servers

A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.