Many AMD CPUs are affected by the new Sinkclose vulnerability, but the chipmaker noted that the flaw is not easy to exploit.
The post AMD Says New Sinkclose CPU Vulnerability Only Affects ‘Seriously Breached Systems’ appeared first on SecurityWeek.
Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains
The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks.
The post Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains appeared first on SecurityWeek.
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU
Researchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.
The post GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU appeared first on SecurityWeek.
CrowdStrike Explains Why Bad Update Was Not Properly Tested
CrowdStrike has shared a preliminary incident review, explaining why the update that caused global chaos was not caught by testing.
The post CrowdStrike Explains Why Bad Update Was Not Properly Tested appeared first on SecurityWeek.
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
KnowBe4 chief executive Stu Sjouwerman: “We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.”
The post KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware appeared first on SecurityWeek.
Microsoft Says 8.5 Million Windows Devices Impacted by CrowdStrike Incident, Publishes Recovery Tool
Microsoft says roughly 8.5 million Windows devices were impacted by the faulty software update from CrowdStrike, and published a tool to help admins through the recovery process.
The post Microsoft Says 8.5 Million Windows Devices Impacted by CrowdStrike Incident, Publishes Recovery Tool appeared first on SecurityWeek.
Intel Says No New Mitigations Required for Indirector CPU Attack
Researchers disclosed a new high-precision Branch Target Injection attack method named Indirector, but Intel says no new mitigations are needed.
The post Intel Says No New Mitigations Required for Indirector CPU Attack appeared first on SecurityWeek.
Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability
Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.
The post Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability appeared first on SecurityWeek.
New TikTag Attack Targets Arm CPU Security Feature
Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.
The post New TikTag Attack Targets Arm CPU Security Feature appeared first on SecurityWeek.
Microsoft Delaying Recall Feature to Improve Security
Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.
The post Microsoft Delaying Recall Feature to Improve Security appeared first on SecurityWeek.