Security News > 2023 > August

Amid a recent uptick in cybercrime on local governments, cities have been left to recover for months after the initial attack. Leaders in Dallas, Texas are ready to spend months recovering from an attack that hindered the city's 911 emergency services, court systems, and more.

A group of international researchers has achieved a breakthrough in computer security by developing a new and highly efficient cipher for cache randomization. Cache side-channel attacks pose a significant threat to modern computer systems, as they can stealthily extract sensitive information, including secret keys and passwords, from unsuspecting victims.

AI professionals are still facing some very real challenges in democratizing data, much less AI (much less Generative AI), across their organizations, according to Dataiku. While the global survey...

Collide cached data, and measure the power required. If the CPU keeps track of the RAM addresses that you've used recently, and can guess well enough which ones you're likely to use again soon, it can keep them temporarily in its cache memory and thus greatly speed up your second access to those values, and the third access, the fourth, and so on.

A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites. [...]

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. "MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks. These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.

Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as...

A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak. The main concept of Collide+Power is to leak data from measured CPU power consumption values when a data "Collision" between the attacker's dataset and data sent by other applications to overwrite the former happens in CPU cache memory.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.