Security News
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a...
ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security...
Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. "We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that 'looks like' a pointer," the team say in the paper.
US government is urging state officials to band together to improve the cybersecurity of the country's water sector amid growing threats from foreign adversaries. The Environmental Protection Agency announced it is seeking to establish a Water Sector Cybersecurity Task Force to beef up current work to implement "Immediate" solutions to prevent one of the US's most critical services from disruption.
More than 70 million records, allegedly stolen from AT&T in 2021, were dumped on a cybercrime forum at the weekend. The stolen files include names, Social Security Numbers, dates of birth, addresses, emails, phone numbers and other personal information, according to Dark Web Informer, who first spotted the massive data dump by the criminals.
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the...
Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz. Safe Browsing is a non-commercial Google API that allows client applications to lookup websites in a database to see whether they pose a known risk.
Overcoming the pressures of cybersecurity startup leadershipIn this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. How organizations can navigate identity security risks in 2024In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.
NTT West president Masaaki Moribayashi announced his resignation on Thursday, effective at the end of March, in atonement for the leak of data pertaining to 9.28 million customers that came to light last October. Often resignations are avoided if a leader simply offers up a chunk of their salary instead. On Thursday, NTT West apologized for the leak and released details of a related investigation.
GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. Push protection proactively prevents leaks by scanning for secrets before 'git push' operations are accepted and blocking the commits when a secret is detected.