Tag
#amd
Hertzbleed is a new side-channel attack that can recover sensitive information from a targeted system by applying CPU timing. The post Hertzbleed exposes computers’ secret whispers appeared first on Malwarebytes Labs.
A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), power and thermal
Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. <!-
Hello everyone! In this short episode, I want to talk about the new feature in Vulners Linux API. Alternative video link (for Russia): https://vk.com/video-149273431_456239092 Linux security bulletin publication dates are now included in scan results. Why is it useful? A few words why this Linux Audit API is needed. You collect a list of packages […]
Backdoor.Win32.Cabrotor.10.d malware suffers from an unauthenticated remote command execution vulnerability.
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
Red Hat Security Advisory 2022-4642-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and privilege escalation vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation