February 4, 2025

Google: How to make any AMD Zen CPU always generate 4 as a random number

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated this by producing a…

Poisoned Go programming language package lay undetected for 3 years

Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…

Grubhub serves up security incident with a side of needing to change your password

Contact info and partial payment details may be compromised US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.…

US accuses Canadian math prodigy of $65M crypto scheme

Suspect, still at large, said to back concept that 'code is law' New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently siphon around $65 million from investors in the…

Cyberattack on NHS causes hospitals to miss cancer care targets

Healthcare chiefs say impact will persist for months NHS execs admit that last year's cyberattack on hospitals in Wirral, northwest England, continues to "significantly" impact waiting times for cancer treatments, and suspect this will last for "months."…

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look ‘insignificant’

When cloud customers don't clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia's "SolarWinds adventures look amateurish and insignificant," watchTowr Labs security researchers have claimed.…

Copyright © 2024 Lugapel