Blog

Google: How to make any AMD Zen CPU always generate 4 as a random number

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated this by producing a…

Poisoned Go programming language package lay undetected for 3 years

Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…

Grubhub serves up security incident with a side of needing to change your password

Contact info and partial payment details may be compromised US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.…

US accuses Canadian math prodigy of $65M crypto scheme

Suspect, still at large, said to back concept that 'code is law' New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently siphon around $65 million from investors in the…

Cyberattack on NHS causes hospitals to miss cancer care targets

Healthcare chiefs say impact will persist for months NHS execs admit that last year's cyberattack on hospitals in Wirral, northwest England, continues to "significantly" impact waiting times for cancer treatments, and suspect this will last for "months."…

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look ‘insignificant’

When cloud customers don't clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia's "SolarWinds adventures look amateurish and insignificant," watchTowr Labs security researchers have claimed.…

2 officers bailed as anti-corruption unit probes data payouts to N Irish cops

Investigating compensation to police whose sensitive info was leaked in 2023 The Police Service of Northern Ireland (PSNI) has bailed two officers after they were arrested as part of a fraud investigation related to the payments to cops whose sensitive data was mistakenly published in 2023.…

Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’

Australian government staff mixed medical info for folk who share names and birthdays Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government…

Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP

PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more Infosec in brief  The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment to disconnect the devices from the internet ASAP.…

What does it mean to build in security from the ground up?

As if secure design is the only bullet point in a list of software engineering best practices Systems Approach  As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security, I find that I keep asking myself what…

Copyright © 2024 Lugapel