Intel Addresses 80 Firmware, Software Vulnerabilities

Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.

The post Intel Addresses 80 Firmware, Software Vulnerabilities appeared first on SecurityWeek.

Using Machine Learning to Detect Keystrokes

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy.

“A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards”

Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever. This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone. When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model. When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium. Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms. We discuss a series of mitigation methods to protect users against these series of attacks.

News article.

Automated Security Control Assessment: When Self-Awareness Matters

Automated Security Control Assessment enhances security posture by verifying proper, consistent configurations of security controls, rather than merely confirming their existence.

The post Automated Security Control Assessment: When Self-Awareness Matters appeared first on SecurityWeek.

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. "The incident was identified in October 2022 after suspicious activity was detected on our systems," the regulator said. "It became clear that hostile actors had first

Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors

A British research team can extract data from keystrokes with 95% accuracy

Recently, a research team composed of members from several top British universities conducted a study on acoustic side-channel attacks. In their related paper, they asserted that data could be stolen through the recording of...

The post A British research team can extract data from keystrokes with 95% accuracy appeared first on Penetration Testing.

SAP Patches Critical Vulnerability in PowerDesigner Product

SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product.

The post SAP Patches Critical Vulnerability in PowerDesigner Product appeared first on SecurityWeek.

CVE-2022-40982: Downfall vulnerability affects Intel processors

Recently, Intel disclosed a security vulnerability named “Downfall,” discovered by third-party researcher Daniel Moghimi. It utilizes “Gather Data Sampling” to pilfer data and sensitive information from other users’ computers, affecting multiple Core processors, spanning...

The post CVE-2022-40982: Downfall vulnerability affects Intel processors appeared first on Penetration Testing.

Youtube-dl Site Goes Offline as Hosting Provider Enforces Court-Ordered Ban

Hosting provider Uberspace has taken down the website of YouTube-ripping software, youtube-dl. The removal is the result of a German court order in a copyright infringement lawsuit, filed by Sony, Warner and Universal. While Uberspace didn't host the open source software, it was held responsible for the website linking to the software hosted on developer platform GitHub.

From: TF, for the latest news on copyright battles, piracy and more.

Downfall Intel CPU side-channel attack exposes sensitive data

Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU. Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982. An attacker can exploit this vulnerability to access and steal data from other users who share the same […]

The post Downfall Intel CPU side-channel attack exposes sensitive data appeared first on Security Affairs.

New ‘Inception’ Side-Channel Attack Targets AMD Processors

Researchers have disclosed the details of a new side-channel attack targeting AMD CPUs named Inception.

The post New ‘Inception’ Side-Channel Attack Targets AMD Processors appeared first on SecurityWeek.

40 Vulnerabilities Patched in Android With August 2023 Security Updates

40 vulnerabilities have been patched by Google in the Android operating system with the release of the August 2023 security updates.

The post 40 Vulnerabilities Patched in Android With August 2023 Security Updates appeared first on SecurityWeek.

New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks

Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for null-ciphered cellular connections. "The Android Security Model assumes that all networks are hostile to keep users safe from

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

The LockBit ransomware group threatens to leak medical data of cancer patients stolen from Varian Medical Systems. The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. Varian Medical Systems, Inc. designs, manufactures, sells, and services medical devices and software products […]

The post LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems appeared first on Security Affairs.

Downfall: New Intel CPU Attack Exposing Sensitive Information

Google researcher discloses the details of an Intel CPU attack method named Downfall that may be remotely exploitable.

The post Downfall: New Intel CPU Attack Exposing Sensitive Information appeared first on SecurityWeek.

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

Risky Business #716 -- This ain't your grandma's cloud

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Tenable gives Microsoft a spray over Azure bug fix delay, quality
• Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
• Ransomware targets hospitals, special needs schools
• Japan’s cybersecurity has some catching up to do
• Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
• Microsoft resolves vulnerability following criticism from Tenable CEO
• New Microsoft Azure AD CTS feature can be abused for lateral movement
• Hackers force hospital system to take its national computer system offline
• Israeli hospital redirects new patients following ransomware attack
• Russia-linked cybercriminals target school for children with learning difficulties
• Hackers accessed 16 years of Colorado public school student data in June ransomware attack
• Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms
• China hacked Japan’s classified defense cyber networks, officials say - The Washington Post
• Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne
• Ukraine says it thwarted attempt to breach military tablets
• The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED
• Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving
• U.K. election regulator says hackers had access for over a year but elections still secure
• Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases
• Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times
• New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED
• New Inception attack leaks sensitive data from all AMD Zen CPUs
• Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch
• ‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack
• Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features
• Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents

Zoom Releases Patches for Multiple Critical Security Vulnerabilities

Video messaging giant Zoom has released patches for multiple security vulnerabilities in its software. The vulnerabilities affect Zoom clients for Windows, macOS, Linux, iOS, and Android, as well as the Zoom Rooms platform. Improper...

The post Zoom Releases Patches for Multiple Critical Security Vulnerabilities appeared first on Penetration Testing.

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

Restructuring plan will result in an 18% reduction in employee headcount and closing of some Rapid office locations.

The post Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan appeared first on SecurityWeek.

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.

CVE-2023-20569 (Inception): New Transient Execution Attack in AMD Zen CPUs

The latest security vulnerability has been drawn on AMD’s Zen CPUs, where researchers at ETH Zurich have identified a novel and potent transient execution attack known as ‘Inception,’ tracked as CVE-2023-20569. This attack has...

The post CVE-2023-20569 (Inception): New Transient Execution Attack in AMD Zen CPUs appeared first on Penetration Testing.

caracal: Static Analyzer for Starknet smart contracts

Caracal Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to...

The post caracal: Static Analyzer for Starknet smart contracts appeared first on Penetration Testing.

Microsoft Patches 89 Security Vulnerabilities, Including Two Zero-Days (CVE-2023-38180 & CVE-2023-36884)

Microsoft has once again taken up arms against the ceaseless tide of cyber threats, releasing its August edition of Patch Tuesday. This vital bulwark defends not only the integrity of Microsoft products but also...

The post Microsoft Patches 89 Security Vulnerabilities, Including Two Zero-Days (CVE-2023-38180 & CVE-2023-36884) appeared first on Penetration Testing.

Novel ‘Inception’ Attack Exposes Sensitive Data in CPUs

By Habiba Rashid

Dreams of Science Fiction Realized: ETH Researchers Demonstrate "Inception" Attack on CPUs.

This is a post from HackRead.com Read the original post: Novel ‘Inception’ Attack Exposes Sensitive Data in CPUs

Top SEO Agencies in the UK: Expert Insights

By Owais Sultan

Discover the top UK SEO companies, offering exceptional digital marketing services to drive qualified traffic & profits for your business.

This is a post from HackRead.com Read the original post: Top SEO Agencies in the UK: Expert Insights