Security News
![Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention](/static/build/img/news/alt/managed-security-small.jpg)
Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks. The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.
![Google shares Spectre PoC targeting browser JavaScript engines](/static/build/img/news/alt/Data-Cybersecurity-Predictions-small.jpg)
Google has published JavaScript proof-of-concept code to demonstrate the practicality of using Spectre exploits targeting web browsers to access information from a browser's memory. According to the Google Security Team, the PoC shared today works across a wide range of processor architectures, operating systems, and hardware generations.
![Google engineer urges web devs to step up and secure their code in this data-spilling Spectre-haunted world](/static/build/img/news/alt/web-statistics-small.jpg)
Now web security professionals are asking developers to do their part by recognizing that Spectre broke the old threat model and by writing code that reflects the new one. Last month, Mike West, a Google security engineer, drafted a note titled, "Post-Spectre Web Development," and Mozilla's Daniel Veditz of the W3C's Web Application Security Working Group asked the group to come to a consensus on supporting the recommendations.
![Should You Be Concerned About the Recently Leaked Spectre Exploits?](/static/build/img/news/alt/web-statistics-small.jpg)
A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. In a blog post titled Spectre exploits in the "Wild", researcher Julien Voisin shared a brief analysis of a Spectre exploit for Linux that had been uploaded to VirusTotal in early February.
![Working Windows and Linux Spectre exploits found on VirusTotal](/static/build/img/news/alt/Data-Cybersecurity-Predictions-small.jpg)
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. Voisin found the two working Linux and Windows exploits on the online VirusTotal malware analysis platform.
![IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips](/static/build/img/news/alt/ransomware-statistic-small.jpg)
IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability. On Thursday IBM published a security advisory that explains, "IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances."
![Complexity has broken computer security, says academic who helped spot Meltdown and Spectre flaws](/static/build/img/news/alt/breach-statistics-small.jpg)
Gruss and his colleagues discovered some of the biggest recent security snafus, including the Meltdown and Spectre microprocessor design flaws, a working Rowhammer exploit, attacks on Intel SGX including Plundervolt, and many more besides. The assistant professor also advanced his theory that as Moore's Law runs out, we'll use more and more systems with more and more processor and accelerator cores all interacting with each other, which means even more security risk.
![Thought you'd addressed those data-leaking Spectre holes on Linux? Guess again. The patches aren't perfect](/static/build/img/news/alt/web-stats-small.jpg)
In three posts marked urgent to the Linux kernel mailing list on Tuesday, Anthony Steinhauser points out problems with countermeasures put in place to block Spectre vulnerabilities in modern Intel and AMD x86 microprocessors that perform speculative execution. The Spectre family of flaws involve making a target system speculate - perform an operation it may not need - in order to expose confidential data so an attacker can obtain it through an unprotected side channel.
![Thought you'd fixed those Linux Spectre issues? Guess again, and AMD users need to be especially on their toes](/static/build/img/news/alt/web-statistics-3-small.jpg)
In three posts marked urgent to the Linux kernel mailing list on Tuesday, Anthony Steinhauser points out problems with countermeasures put in place to block Spectre vulnerabilities in modern Intel and AMD x86 microprocessors that perform speculative execution. The Spectre family of flaws involve making a target system speculate - perform an operation it may not need - in order to expose confidential data so an attacker can obtain it through an unprotected side channel.
![Google slings websites into Chrome's solitary confinement on Android to thwart Spectre-style data snooping](/static/build/img/news/alt/web-statistics-3-small.jpg)
Ignore the overhead, enjoy Site Isolation – a defense against side-channel attacks Last year, Google deployed Site Isolation in desktop versions of its Chrome browser as a defense against CPU...