Computer scientists from the University of California, the College of William and Mary, and Binghamton University have published a paper detailing a new "design principle" that avoids speculative execution vulnerabilities.
Researchers says that the SafeSpec model supports "speculation in a way that is immune to the sidechannel leakage necessary for attacks such as Meltdown and Spectre". Importantly, the design also avoids the problems associated with other Meltdown/Spectre fixes.
Kaspersky Lab has published a report in which it reveals that a Chinese hacking group has attacked the national data center of an unnamed Central Asian country.
The cyberattacks are said to have been carried out by a group known as LuckyMouse -- but also goes by the names Iron Tiger, Threat Group-3390, EmissaryPanda and APT27. The attacks started in 2017, and Kaspersky says that malicious scrips were injected into official website to conduct country-level waterholing campaign.
Apple says that it is planning to release an iOS update that will block a loophole used by police to access iPhones.
Law enforcement agencies and hackers have been able to exploit a handset's Lightning port to get around passcode limits and brute force their way into a phone. But with the upcoming update, Apple will shut down data access via the Lightning port after an hour if the correct passcode is not entered.
There has been something of a spate of chip vulnerability discoveries recently, and now another one has emerged. Known as Floating Point Lazy State Save/Restore, the security flaw (CVE-2018-3665) is found in Intel Core and Xeon processors and it is another speculative execution vulnerability in a similar vein to Spectre.
The security flaw takes advantage of one of the ways the Linux kernel saves and restores the state of the Floating Point Unit (FPU) when switching tasks -- specifically the Lazy FPU Restore scheme. Malware or malicious users can take advantage of the vulnerability to grab encryption keys. Linux kernel from version 4.9 and upwards, as well as modern versions of Windows and Windows Server are not affected.
The rise of fake news has affected many people's faith in the internet as a reliable source. In order to help with the problem, Adblock Plus maker eyeo is launching a new browser extension called Trusted News.
Available free for Chrome browsers, the extension works by checking domains, websites, and news sources against the world's largest network of fact-checking databases.
Although a large majority of parents (95 percent) say they’re concerned about the risks online gaming poses, they admit to allowing games to entertain their offspring.
A new study by McAfee finds 92 percent of parents allow their children to play at least one hour of video games every day, with eight percent admitting that they allow their children to play more than five hours a day. On average, children play video games for 2.13 hours a day or nearly 15 hours a week.
Dixons Carphone suffers two major security breaches exposing customers' bank card details and personal information
Another week, another cyberattack. This time around, it's the Dixons Carphone group which says it has fallen victim to not one but two major breaches.
The bank card details of 5.9 million customers have been accessed by hackers in the first breach. In the second, the personal records of 1.2 million people have been exposed.
At the moment there are a couple of ways to install Chrome extensions -- either via the Chrome Web Store as Google would prefer, or via an inline installation from any website.
Aware that this latter option opens up the possibility of people installing malicious extensions, Google is clamping down. Starting today, all newly-published extensions can only be installed via the Chrome Web Store, and this restriction will extend to existing extensions over the remainder of the year.
Historically, infrastructure systems and operational technology (OT) were designed to work in isolation from IT. But in the modern world these environments are increasingly converged and that can open up new attack routes.
Cyber exposure specialist Tenable is launching a new solution to manage Cyber Exposure holistically across IT and OT systems. This is based on enhancements to the Tenable.io platform and Industrial Security, an asset discovery and vulnerability detection solution for OT systems, delivered in partnership with Siemens.
Reporters covering the historic meeting between Donald Trump and Kim Jong-Un in Singapore have been given a gift bag that has security experts concerned.
In addition to bottled water and a local guidebook, the gift bag also contained a USB fan. While on the face of it this would seem to offer a way to combat the Singaporean heat, the fan also sparked warnings that it could be laced with malware.
As the world increasingly turns to mobile devices to access the internet and conduct business, so firms are eager to put out their own apps.
But new research from security ratings company BitSight reveals that many companies may be rushing out apps that have vulnerabilities which could lead to data leakage, privilege abuse, unencrypted personally identifiable information (PII), and credential theft.
Bitcoin has once again demonstrated its volatility, dropping in value by 10 percent following news of an attack and theft from the South Korean exchange Coinrail.
Coinrail has confirmed that it suffered a "cyber intrusion" and while it did not specify the value of the coins stolen, local news outlet Yonhap News estimated it to be $37.28 million based on a loss of about 30 percent of the coins traded on the exchange.
A security researcher has discovered a vulnerability in the OnePlus 6 bootloader. The flaw makes it possible for someone to boot arbitrary or modified images -- even if the bootloader is locked.
Exploiting the vulnerability requires someone to have physical access to the phone, and after this it is a relatively simple task to restart the handset in fastboot mode. From here is would be possible to load a modified boot image, including one that has root access.
Currency miners continue to top the malware charts according to Check Point Software's latest Global Threat Index.
May 2018 marks the fifth consecutive month where cryptomining malware has dominated Check Point's index. The Coinhive cryptominer impacted 22 percent of organizations globally during May -- up from 16 percent in April, an increase of nearly 50 percent.
Last week event ticketing company Ticketfly suffered a cyberattack which saw the site taken offline for a number of days. The site is now back up and running, and Ticketfly has revealed the extent and impact of the hack.
The company says that data from 27 million Ticketfly accounts was accessed, including names, addresses, email addresses and phone numbers. Customers are assured that passwords and credit card details remain safe.