Security News > 2021 > August

Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack
2021-08-30 21:49

Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all. In a paper titled "Transient Execution of Non-Canonical Accesses," released via arXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips - namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX - and found that they were able to adversely manipulate the operation of the CPU cores.

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
2021-08-30 21:46

Rated high in severity, HPE warns the Sudo flaw could be part of a "chained attack" where an "attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges," according to a recent HPE security bulletin. Sudo is a program used by other platforms that "allows a system administrator to delegate authority to give certain users the ability to run some commands as root or another user," according to the Sudo license.

Army Testing Facial Recognition in Child-Care Centers
2021-08-30 20:32

Live video feeds of daycare centers are common, but the Army wants to take their kid-monitoring capabilities to the next level. Under a new pilot program being rolled out at a Fort Jackson, S.C. child-care center, the military is looking for service providers to layer commercially available facial recognition and artificial intelligence over existing closed-circuit television video feeds to improve childcare and cut costs.

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions
2021-08-30 20:12

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects
2021-08-30 20:12

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

Windows Update will tell if you can upgrade to Windows 11
2021-08-30 20:02

Microsoft will make it easier for Windows 10 users to check if their computer is compatible with Windows 11 by alerting people via Windows Update. When Windows 11 was first announced, it came with new system requirements that will likely require many Windows 10 users to purchase new hardware to upgrade to the new operating system.

Google App bug blocks Android users from receiving, making calls
2021-08-30 19:45

Google says that users of some Android phone models are affected by a Google App bug preventing them from making and receiving calls. "After the latest update to the Google Search App on Android, the users of certain mobile phones are experiencing difficulty in receiving and making calls," a Google community manager said earlier today.

The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers
2021-08-30 19:44

In part one of a two-part series, Akamai's director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks. With account takeover attacks on the rise, stopping threat actors in the early phases of the kill chain will help today's defenders gain an upper hand against direct fraud campaigns.

QNAP works on patches for OpenSSL bugs impacting its NAS devices
2021-08-30 18:21

Network-attached storage maker QNAP is investigating and working on security updates to address remote code execution and denial-of-service vulnerabilities patched by OpenSSL last week. The security flaws, tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS devices running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync, according to advisories published earlier today.

Expert: Governments and businesses must come together to combat ransomware threat
2021-08-30 17:42

Adam Flatley: I think what really needs to be done, and what has started to happen recently, is that we need to bring all of the components of the private industry and the government together to combat this threat in an organized, intel-driven campaign that is targeting the actors behind these ransomware operations and working to dismantle those organizations through using all the tools available to the private industry and governments around the world.

Adam Flatley: It was a really big honor to be part of the Ransomware Task Force that IST put together.