Security News

The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays have been covered in a paper titled "The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs" by a group of academics from the Horst Goertz Institute for IT Security and Max Planck Institute for Cyber Security and Privacy. In contrast to other known side-channel and probing attacks against Xilinx and Altera FPGAs, the novel "Low-cost" attack aims to recover and manipulate the bitstream by leveraging the configuration interface to read back data from the FPGA device.

A potentially serious vulnerability discovered by researchers in Field Programmable Gate Array chips can expose many mission- and safety-critical devices to attacks. A team of researchers from Germany's Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy discovered that FPGA chips are affected by a critical vulnerability - they have named it Starbleed - that can be exploited to take complete control of the chips.

ECS, a leader in advanced technology, science, and engineering solutions, announced an expansion of its services as a Google Cloud Platform partner. Through the ECS Cloud Center of Excellence, ECS delivers solutions from leading cloud service providers to deploy mission-critical workloads to some of the largest organizations in the world.

BioCatch, the global leader in behavioral biometrics, announced it has completed a $145 million Series C investment led by Bain Capital Tech Opportunities, the growth investing business of Bain Capital. The investment will accelerate BioCatch's rapid growth, broaden its product offerings and further support its expanding client base into new verticals.

Google just issued a Chrome update with a note that says, "This update includes 1 [critical] security fix." The bug itself is still a secret, even though the Chromium core of the Chrome browser is an open source project.

By pairing the system with human security experts, Microsoft said it was able to develop an algorithm that was not only able to correctly identify security bugs with nearly 100% accuracy, but also correctly flag critical, high priority bugs 97% of the time. According to Microsoft, its team of 47,000 developers generate some 30,000 bugs every month across its AzureDevOps and GitHub silos, causing headaches for security teams whose job it is to ensure critical security vulnerabilities don't go missed.

A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln, details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the highest level.

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director. The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges.

KORE, the independent global IoT leader, announced the launch of a new comprehensive managed services solution for Critical Asset Management, utilizing the Visilion asset tracking platform from Sony Network Communications Europe. KORE's solution introduces a new level of condition management, allowing companies in the medical instrumentation, pharmaceutical, and food and beverage industries to maintain real-time condition visibility of critical and high-value goods.

Cisco is warning of a critical flaw in the web server of its IP phones. Cisco issued patches in a Wednesday advisory for the flaw, which affects various versions of its Cisco IP phones for small- to medium-sized businesses.