Hertzbleed: how GPUs can leak data to hackers
American researchers have discovered an unusual way for hackers to steal data. A so-called GPU.zip attack allows sensitive images to be captured from within the Chrome browser. The cause: compressing data to make graphics chips do their work faster.
Integrated chips from AMD and Intel are partic... Read more
GitLab warns of vulnerability that allows hackers to run pipelines
GitLab is warning its users about a vulnerability that allows hackers to run pipelines via scheduled security scan policies. In this case, the hacker pretends to be another user. An update to the latest version of the open-source software management platform is desired.
The critical vulnerabilit... Read more
Cisco BroadWorks platform hit by serious vulnerability
Two Cisco BroadWorks services have been hit by a serious vulnerability. It allows hackers to gain access to a system.
The vulnerability known as CVE-2023-20238 has received the maximum CVSS score of 10.0, demonstrating its high severity. Attackers can remotely forge login credentials to bypass a... Read more
Ivanti continues to patch vulnerabilities, this time for Sentry
Ivanti has patched a vulnerability in its software for the third time within a month. This time it involves an authentication bypass in Ivanti Sentry, formerly known as MobileIron Sentry.
Ivanti Sentry is a gateway that manages and encrypts traffic between companies' mobile devices and underlyin... Read more
WinRAR contains severe vulnerability, patch available
WinRAR users, without a patch, are vulnerable to CVE-2023-40477, a serious software flaw. The bug allows attackers to execute code on the victim's machine after the latter opens a file.
The vulnerability appears to be a result of an incomplete validation step during recovery volume processing. T... Read more
Guest accounts Microsoft 365 lead to major cyber threat
During Black Hat USA 2023 in Las Vegas, many new cyber threats are being revealed to the outside world. One of them involves a vulnerability in Microsoft 365 guest accounts, which turn out to be less secure that the tech giant will have thought. Armed with only a trial version of Power Apps and a g... Read more
Large AMD vulnerability can leak data on all Zen chips
The so-called Inception vulnerability lets Zen chips "dream," according to researchers at ETH Zürich. Hackers can exploit the flaw to make a compromised system leak data in a novel way. At stake are all products with a Zen architecture, from consumer Ryzen CPUs from 2020 to the latest Epyc server ... Read more
10 ways to attack an LLM
The popularity of generative AI is only growing. Nvidia is struggling to deliver the huge demand for AI-capable hardware as organizations look to capitalize on the power of LLMs (large language models). OWASP (Open Worldwide Application Security Project) sees many ways things can go wrong with this... Read more
Fortinet and Microsoft lead list of most abused exploits of 2022
A flaw in Fortinet software is the most abused vulnerability of 2022, as a recent survey by U.S. security and cybersecurity agencies showed. Microsoft also grossed in the number of commonly abused exploits.
In their overview, the security services FBI, NSA and cybersecurity watchdog CISA indicat... Read more
Microsoft’s cybersecurity criticized again: ‘Even worse than we thought’
A "critical" vulnerability in Azure AD just won't be addressed by Microsoft. The tech giant appears to have known about it since March but keeps putting off fixing it. The CEO of the cybersecurity company that reported the vulnerability is now expressing his frustration with this slow response onli... Read more