#intel

Ubuntu Security Notice 6346-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.

By Deeba Ahmed FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices. This is a post from HackRead.com Read the original post: New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.

Chatbots like Open AI’s ChatGPT and Google’s Bard are vulnerable to indirect prompt injection attacks. Security researchers say the holes can be plugged—sort of.

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Categories: Threat Intelligence Tags: amos Tags: apple Tags: malvertising Tags: atomic stealer Tags: wallets Tags: crypto Tags: mac While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well. (Read more...) The post Mac users targeted in new malvertising campaign delivering Atomic Stealer appeared first on Malwarebytes Labs.

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

This is the second in a series of three blog posts focusing on Critical National Infrastructure (CNI) cybersecurity. This blog looks at the problem space through the lens of "People and Processes." As mentioned in the previous blog post, CNI cybersecurity is not just a technical problem—technology and tools can be enablers to help reduce risk, but you should also identify the "people and processes" required to put good security practices in place. "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."