Security News
Japan's digital minister has doubled down on a June promise to penalize himself for the poor rollout of the country's digital ID, My Number Card, by offering up three months salary on Tuesday. The interim report reportedly revealed a lack of knowledge among the public on how to link their My Number Card to disability records, cases of health insurance being connected to the wrong card, and errors in pension records of public servants.
Norfolk and Suffolk police have stepped forward to admit that a "Technical issue" resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses. "A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included."
Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it. Google researcher Daniel Moghimi discovered a new vulnerability affecting millions of Intel chip models.
AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine. Inception utilizes a previously disclosed vulnerability alongside a novel kind of transient execution attack, which the researchers refer to as training in transient execution, to leak information from an operating system kernel at a rate of 39 bytes per second on vulnerable hardware.
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models. Researchers at ETH Zurich have now combined an older technique named 'Phantom speculation' with a new transient execution attack called 'Training in Transient Execution' to create an even more powerful 'Inception' attack.
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. On June 14th, the ransomware gang began extorting its victims, slowly adding names to their Tor data leak site and eventually publicly releasing the files.
The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. On June 19th, 2023, the relatively new NoEscape ransomware gang listed UH on its extortion portal, threatening to publish 65 GB of stolen data in a week if a ransom was not paid.
The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their...
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. After triggering an optimized exploit for the flaw, the researcher could leak sensitive data from any system operation, including those that take place in virtual machines, isolated sandboxes, containers, etc.
AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Exploiting Zenbleed involves abusing speculative execution, though unlike the related Spectre family of design flaws, the bug is pretty easy to exploit.