Security News

Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance
2020-03-10 17:00

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

You only LVI twice: Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling flaw will cost you 50%+ of performance
2020-03-10 17:00

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

DDoS Mitigation Firm Founder Admits to DDoS
2020-01-20 23:13

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service attacks has pleaded guilty to paying a DDoS-for-hire service to launch attacks against others. DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors.

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit
2020-01-16 23:13

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

Download: The Risk Mitigation Handbook for Connected Medical Devices
2019-12-18 04:30

Wondering what it takes to secure clinical networks in your healthcare organization? Get The Risk Mitigation Handbook for Connected Medical Devices, a practical approach to risk mitigation in...

NSA Issues Advisory on Mitigation of Risks Associated With TLSI
2019-11-20 15:48

The U.S. National Security Agency (NSA) has published an advisory to provide information on possible mitigations for risks associated with Transport Layer Security Inspection (TLSI).

Insider Threat: Greater Risk Mitigation Required
2019-11-11 16:34

Make Insider Threat Defenses 'Top of the Agenda' Says Veriato's Chris Gilkes
Too many organizations are still failing to prioritize mitigating the risk posed by insiders, whether they're malicious...

Insider Threat Mitigation: Sanctions and Incentives
2019-10-08 15:48

Michael Theis of CERT Insider Threat Center on Best Practices
The battle against insider threats requires a balance of sanctions and incentives, says Michael Theis of the CERT Insider Threat Center.

Bill Calling for DHS Cyber Incident Mitigation Teams Advances
2019-10-01 20:48

Senate, House Versions Now Must Be Reconciled
In the wake of ransomware attacks that have hit the public and private sectors, the U.S. Senate has passed a bill that calls for creating cyber...