Security News > 2023 > July
In March, the U.K. government released a white paper promoting the country as a place to "Turbocharge growth" in AI. According to the white paper, 500,000 people in the U.K. are employed in the AI industry, and AI contributed £3.7 billion to the national economy in 2022. In response, on July 18, the independent research body Ada Lovelace Institute, in a lengthy report, called for a more "Robust domestic policy" in order to regulate AI through legislation that clarifies and organizes the U.K.'s effort to promote AI as an industry.
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. After triggering an optimized exploit for the flaw, the researcher could leak sensitive data from any system operation, including those that take place in virtual machines, isolated sandboxes, containers, etc.
AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Exploiting Zenbleed involves abusing speculative execution, though unlike the related Spectre family of design flaws, the bug is pretty easy to exploit.
The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service web servers to hijack them for malware distribution. South Korean security analysts at ASEC previously reported that Lazarus was targeting IIS servers for initial access to corporate networks.
Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday. While Ivanti has published a security advisory to provide details on the security vulnerability, the information is being blocked by a login, given that the article can only be accessed with an account linked to Ivanti customer information.
Derek Hanson, Yubico's VP of standards and alliances and an industry expert on passkeys, discusses why device-bound-to-shareable passkeys are critical. Derek Hanson, an expert on hardware-bound and syncable passkeys, works very closely with the FIDO Alliance and recently spoke on the topic of passkeys at the 2023 RSA Conference.
Secondly, the underlying encryption algorithms are proprietary, guarded as trade secrets under strict non-disclosure agreements, so it simply hasn't had the levels of global, objective mathematical scrutiny that unpatented, open source encryption systems have. Simply put, if you need to keep the algorithm secret, as well as the decryption key for each message, you're in deep trouble, because your enemies will ultimately, and inevitably, get hold of that algorithm.
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.
The Flipper Zero team has launched its very own 'Flipper Apps' mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality of the popular wireless pen-testing tool. With the launch of the Flipper Apps app store, the Flipper Zero community will be able to comfortably install apps specifically created for and confirmed to work on the device.
The Flipper Zero team has launched its very own 'Flipper Apps' mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality of the popular wireless pen-testing tool. With the launch of the Flipper Apps app store, the Flipper Zero community will be able to comfortably install apps specifically created for and confirmed to work on the device.