New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain…
Month: November 2023
Beyond Bank extends digital home lending capabilities – Finance – Software
Beyond Bank has completed integration of an end-to-end platform aimed at improving the home loan application experience for brokers and borrowers. The mutual bank, which…
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt…
Sydney Metro seeks permanent CIO – Strategy – Training & Development
Sydney Metro is on the hunt for a chief information officer (CIO), with incumbent Tommy Cheung returning to Transport for NSW in the new year.…
Windows 11 KB5032190 update enables Moment 4 features for everyone
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update that enables Windows 11…
New Vulnerability in AMD SEV Exposes Encrypted VMs
Nov 14, 2023NewsroomHardware Security / Virtualization A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that…
Microsoft Warns of Critical Bugs Being Exploited in the Wild
The world’s largest software maker Microsoft on Tuesday released patches with cover for at least 59 documented security vulnerabilities, including a pair of critical-severity zero-days…
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft’s November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. While fourteen remote code…
User credentials are by far the best hack
Losing sight of the biggest cause of security breaches isn’t surprising when there are often more column inches in the daily news devoted to state-sponsored…
Protected Virtual Machines Exposed to New ‘CacheWarp’ AMD CPU Attack
A team of researchers has disclosed the details of a new attack method affecting a security feature present in AMD processors, demonstrating the risk it…
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short…
Severity Does Not Mean Priority
Automated scanners and tools are noisy; they do not know your business and can’t extrapolate context to truly understand validity and impact. Severity ratings are…