Security News
New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware. Maze is unusual among ransomware strains in that it not only encrypts the data on infected Windows machines, it siphons off copies of the originals as well.
12% of users have reportedly stopped using Zoom altogether, the social platform Blind found. Zoom has been slammed for a wide array of security issues over the past couple of weeks, including Zoom bombings, personal data leaks, absence of end-to-end encryption, and more.
Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online. The sensitive documents include details of Lockheed-Martin-designed military equipment - such as the specifications for an antenna in an anti-mortar defense system - according to a Register source who alerted us to the blueprints.
On Wednesday, AMD confirmed intellectual property related to its graphics processors was stolen last year, though insisted the leaked files will not damage its business nor compromise product security. Two days ago, AMD issued two Digital Millennium Copyright Act takedown notices to GitHub, directing the Microsoft-owned code storage biz to remove five repositories - an original repo and four copies - that contained confidential internal hardware source code for its Navi family of GPUs.
A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX reveals. WPvivid Backup Plugin is a free and open-source plugin that allows users to easily backup, migrate, and restore their WordPress installations to new hosts, or send backups to remote storage.
A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records. The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA Wizard, developed jointly by Advantage Capital Funding and Argus Capital Funding back in 2018.
AMD processors sold between 2011 and 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper. In a paper [PDF] titled, "Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors," six boffins - Moritz Lipp, Vedad Hadžić, Michael Schwarz, and Daniel Gruss, Clémentine Maurice, and Arthur Perais - explain how they reverse-engineered AMD's L1D cache way predictor to expose sensitive data in memory.
AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.
AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.
On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company's database was hacked.