Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, were sharing proof-of-concept PoC code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome...

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at...

CentOS 6 : kernel (CESA-2019:1488) (SACK Panic) (SACK Slowness)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 6 : kernel (RHSA-2019:1490)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1490 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: An integer overflow flaw was found in...

RHEL 6 : kernel (RHSA-2019:1489)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1489 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: An integer overflow flaw was found in...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

The vulnerabilities of Intel processors based on Skylake and Kaby Lake architectures are related to implementation errors in the SMT technology, which allow attackers to exploit these vulnerabilities to disclose protected information.

The vulnerability of Intel processors with Skylake and Kaby Lake architectures is related to errors in the implementation of SMT technology. Exploiting this vulnerability can allow attackers to disclose protected information...

Scientific Linux Security Update : microcode_ctl on SL6.x, SL7.x i386/x86_64 (20180116) (Spectre)

This update supersedes the previous microcode update provided with the CVE-2017-5715 Spectre CPU branch injection vulnerability mitigation. Further testing has uncovered problems with the microcode provided along with the Spectre mitigation that could lead to system instabilities. As a result, th...

Scientific Linux Security Update : linux-firmware on SL7.x (noarch) (20180116) (Spectre)

This update supersedes the previous microcode update provided with the CVE-2017-5715 Spectre CPU branch injection vulnerability mitigation. Further testing has uncovered problems with the microcode provided along with the Spectre mitigation that could lead to system instabilities. As a result, th...

On ROCA, KRACK, BoundHook, Google Advanced Protection

Threatpost editors Mike Mimoso and Tom Spring recap this week’s infosec news starting with the ROCA vulnerabilities affecting factorization of RSA private keys, the KRACK WPA2 Wi-Fi vulnerabilities, the BoundHook attacks, and Google’s introduction of Advanced Protection for Gmail. Download: Music...

BoundHook Attack Exploits Intel Skylake MPX Feature

A post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus software or other...

openSUSE Security Update : the Linux Kernel (openSUSE-2017-716) (Stack Clash)

The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be...

McAfee founder: the Surface Pro 4 will have a 1 0 0 security vulnerabilities-vulnerability warning-the black bar safety net

Microsoft's next generation Surface Pro 4 fusion their Windows 1 0 OS, Intel Skylake six-generation Core Processor, the overall performance is still very good, of course, also added a variety of hardware and software security features, however, McAfee's founder John McAfee may not be so confident...