Security News

Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the futureIn this Help Net Security interview, we delve into the world of cybersecurity with Michael Adams, the CISO at Zoom. Using creative recruitment strategies to tackle the cybersecurity skills shortageIn this Help Net Security interview, Jon Check, Executive Director of Cybersecurity Protection Solutions at Raytheon, sheds light on the significance of internships and apprenticeships in nurturing the next generation of cyber defenders.

Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it. Google researcher Daniel Moghimi discovered a new vulnerability affecting millions of Intel chip models.

A variety of Intel Core processors and the devices using them are vulnerable to "Downfall", a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private data from other users on the same personal or cloud computer. " is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.

The advisory for that flaw, ADV230003, is related to last month's CVE-2023-36884 in Microsoft Office, and as the IT giant notes, it's a "Defense in depth update." Installing the update "Stops the attack chain leading to the Windows Search security feature bypass vulnerability," we're told. Finally the XMP-Toolkit-SDK update plugs an important security hole that could lead to application denial of service.

A senior research scientist at Google has devised new CPU attacks to exploit a vulnerability dubbed Downfall that affects multiple Intel microprocessor families and allows stealing passwords, encryption keys, and private data like emails, messages, or banking info from users that share the same computer. Moghimi developed two Downfall attack techniques, Gather Data Sampling - which is also the name Intel uses to refer to the issue and Gather Value Injection - which combines GDS with the Load Value Injection technique disclosed in 2020.

Nearly all of the FBI's technical intelligence on malicious "Cyber actors" in the first half of this year was obtained via Section 702 searches, according to FBI Director Christopher Wray. With the controversial FISA amendment set to expire at the end of the year, unless Congress reauthorizes the snooping clause, Wray has been making the rounds and delivering the same message: the FBI "Cannot afford to lose" Section 702.

State-sponsored North Korean hacker group Kimsuky has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. Kimsuky hackers meticulously plan and execute their spear-phishing attacks by using email addresses that closely resemble those of real individuals and by crafting convincing, realistic content for the communication with the target.

False alarm: despite a patch notes suggesting otherwise, that mysterious blob of microcode released for many Intel microprocessors last week was not a security update, the x86 giant says. In an email Monday, an Intel spokesperson told The Register that microcode-20230512, which popped up on the manufacturer's GitHub page "Does not contain any security updates and the note, , is meant to convey that there are no applicable security updates in the package."

Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International was stolen and dumped online. It's understood the private keys were generated by MSI to use with Intel's BootGuard technology, and were among internal source code and other materials taken from the computer parts maker's IT systems last month - at least some of which has since been shared on the internet.

Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.