New Micro-Op Cache Vulnerability Evades All Previous Fixes For Spectre-Like Attacks
ffkom writes: Modern x86 and ARM CPUs translate opcodes into ops, which are usually stored in a cache of their own for later re-use. Researchers from the university of Virginia have found a way to exploit this for side-channel attacks, where maliciou.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Enlarge (credit: Getty Images) Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
New infosec products of the week: April 26, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micro, Zero Networks, and WhyLabs. Trend Micro launches AI-driven cyber risk management capabilities T.....»»
FCC votes to restore net neutrality protections in the United States
In an entirely expected move, the Federal Communications Commission has voted to reinstate net neutrality protections in the United States.FCC sealThe vote on Thursday was on the final form of net neutrality rules, following a previous vote on bringi.....»»
Sublime Security secures $20 million to strengthen cloud email security and visibility
Sublime Security has raised $20 million in Series A funding, led by Index Ventures with participation from previous investors Decibel Partners and Slow Ventures. Cybersecurity visionary and Crowdstrike Co-founder & former CTO Dmitri Alperovitch is al.....»»
Dropzone AI raises $16.85 million to combat advanced AI attacks
Dropzone AI has raised $16.85 million in Series A funding. Theory Ventures led the round, adding to their cohort of existing investors Decibel Partners, Pioneer Square Ventures, and In-Q-Tel (IQT). Carta CISO Garrett Held, Head of Security at Postman.....»»
BforeAI raises $15 million to stop attacks before they occur
BforeAI has secured $15 million in Series A funding led by SYN Ventures, with renewed participation from early investors Karma Ventures, Karista, Addendum Capital, and a new investment from the Partnership Fund for New York City. BforeAI autonomously.....»»
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks
Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks? Enlarge (credit: Getty Images) Hackers backed by a powerful nation-state have been exploiting two zero-day vulnerabilities in Ci.....»»
How studying trends in human lifespans can measure progress in addressing inequality
People are living longer lives compared to previous generations but, over the last few decades, there has been a hidden shift—they are passing away at increasingly similar ages......»»
Diversity and productivity go branch-in-branch: Scientists share which forests can adapt to climate change
Climate change can be characterized as the Grim Reaper or some other harbinger of dire times for humanity and natural environment, including forests. Previous studies reporting a decline in forest productivity due to climate warming and long-term dro.....»»
Apple Watch Series X might get new and thinner motherboard material
A new supply chain rumor claims that Apple will switch to thinner resin-coated copper motherboards for a future Apple Watch, echoing previous reports of the same coming to the iPhone 17.Apple Watch Series 9Resin-coated copper (RCC) is exactly what it.....»»
New method makes finding bat roosts easier for conservationists
A new algorithm is making it easier for ecologists and conservationists to find bat roost locations—reducing search areas by nearly 375 times their previous size. The technology combines microphone detector data with a bat movement model to identif.....»»
Secureworks enables users to view known vulnerabilities in the context of threat data
Secureworks announced the ability to integrate vulnerability risk context with threat detection to prevent attackers from exploiting known vulnerabilities and expedite response times, improving an organization’s security posture. The integration be.....»»
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)
More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulner.....»»
AI set to play key role in future phishing attacks
A staggering increase in QR code phishing (quishing) attacks during 2023 saw them skyrocket up the list of concerns for cyber teams globally, according to Egress. Attacks were both prolific and highly successful, demonstrating how cybercriminals effe.....»»
GenAI can enhance security awareness training
One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice.....»»
Bioluminescence first evolved in animals at least 540 million years ago, pushing back previous oldest dated example
Bioluminescence first evolved in animals at least 540 million years ago in a group of marine invertebrates called octocorals, according to the results of a new study from scientists with the Smithsonian's National Museum of Natural History......»»
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)
For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher.....»»
Entrust protects users against fraud, phishing and other account takeover attacks
Entrust announced a single-vendor enhanced authentication solution that integrates identity verification (IDV) and identity and access management (IAM) to fight deepfakes, phishing, account takeover (ATO) attacks and other threats. By enhancing Entru.....»»
South Dakota dealership fixes Chevy Impala for free after woman scammed by repair shop
After spending months trying to get her Chevy Impala back from a garage that abruptly closed, a Seattle woman was finally reunited with the car and had the $4,000 repair bill waived......»»
Breaking boundaries in tiny labs: New technology using sound waves has implications for nanoparticle manipulation
Acoustofluidics elegantly merges acoustics with fluid mechanics, enabling precise manipulation of fluids and particles on both micro and nanoscales. This interdisciplinary field plays a crucial role in biomedicine, tissue engineering, and nanoparticl.....»»