Tag: Hardware
-
Breaking Down the AMD Zen Microcode Flaw: Bug Hunters Investigate Signature Validation Issue
by
in SecurityNewsA recent vulnerability analysis made by the Google Bug Hunters team reveals an important flaw in the microcode signature validation process for AMD Zen processors. This AMD Zen processor vulnerability, which was publicly disclosed in February 2025, sheds light on potential risks associated with AMD’s microcode patching mechanism”, a process that allows the company to…
-
Tails 6.13 Linux Distro Released with Enhanced Wi-Fi Hardware Detection
The Tails Project has launched Tails 6.13, the latest version of its privacy-centric Linux distribution, introducing improved Wi-Fi troubleshooting tools, updated anonymity software, and fixes for persistent storage and installation workflows. Targeted at users prioritizing security and anonymity, this release addresses common hardware compatibility challenges while refining the user experience. Enhanced Wi-Fi Hardware Detection and…
-
AMD Microcode Vulnerability Allows Attackers to Load Malicious Patches
by
in SecurityNewsA critical vulnerability in AMD’s Zen 1 through Zen 4 processors allows attackers to bypass microcode signature validation, potentially undermining hardware-based security mechanisms. The flaw stems from AMD’s use of AES-CMAC as a hash function during microcode patch verification a design decision that enables collision attacks and forged RSA keys. Vulnerability Rooted in Cryptographic […]…
-
The Badbox botnet is back, powered by up to a million backdoored Androids
by
in SecurityNewsBest not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort First seen on theregister.com Jump to article: www.theregister.com/2025/03/07/badbox_botnet_returns/
-
Key Takeaways from the CSA Understanding Data Security Risk Survey
by
in SecurityNews
Tags: access, ai, attack, automation, business, cloud, compliance, control, data, encryption, Hardware, intelligence, monitoring, network, regulation, risk, risk-management, software, strategy, switch, tool, update, vulnerabilityKey Takeaways from the CSA Understanding Data Security Risk Survey madhav Tue, 03/04/2025 – 04:32 As hybrid and multi-cloud environments become increasingly popular, identifying, prioritizing, and mitigating data security risks becomes increasingly complex. How can we tackle this complexity? By gaining insight into how organizations handle risk. That’s the goal of the latest Cloud Security…
-
Die besten XDR-Tools
by
in SecurityNews
Tags: attack, business, cloud, computing, container, crowdstrike, cyberattack, detection, edr, endpoint, firewall, google, Hardware, ibm, identity, incident response, infrastructure, mail, malware, marketplace, microsoft, ml, network, office, okta, risk, security-incident, service, siem, soar, software, tool, vulnerabilityLesen Sie, worauf Sie in Sachen XDR achten sollten und welche Lösungen sich in diesem Bereich empfehlen.Manuelles, siloartiges Management ist in der modernen IT-Welt unangebracht. Erst recht im Bereich der IT-Sicherheit: Der Umfang von modernem Enterprise Computing und State-of-the-Art-Application-Stack-Architekturen erfordern Sicherheits-Tools, die:Einblicke in den Sicherheitsstatus von IT-Komponenten ermöglichen,Bedrohungen in Echtzeit erkennen, undAspekte der Bedrohungsabwehr automatisieren.Diese…
-
KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures
by
in SecurityNewsResearchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack,KernelSnitch, which exploits timing variances in Linux kernel data structures. Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive data across isolated processes, as per a report by a Researcher Published on Github. The…
-
Hardware Crypto Wallets vs. Mobile vs. Desktop: Which Should You Choose?
by
in SecurityNewsCrypto wallets are essential in keeping your cryptocurrency safe. There are different types of wallets available and choosing… First seen on hackread.com Jump to article: hackread.com/hardware-crypto-wallets-vs-mobile-vs-desktop/
-
IT-Sicherheit über den gesamten Hardware-Lebenszyklus gewährleisten
by
in SecurityNews
Tags: HardwareDie Zahlen des neuen Device Lifecycle Report von HP unterstreichen, wie wichtig es ist, Notebooks, PCs und Drucker zu schützen und dies über den gesamten Lebenszyklus hinweg [1]. Schließlich ist eine funktionierende und abgesicherte IT Hardware entscheidend für den Erfolg der meisten Unternehmen. Neben der zeitlichen Dauer des Einsatzes ist es vor allem die… First…
-
Wie man PKI in bestehende Infrastrukturen integriert: 5 Schritte zum Erfolg
by
in SecurityNewsDie Einbindung moderner Public Key Infrastructure (PKI) in bestehende Produktionsumgebungen stellt viele Unternehmen vor erhebliche Herausforderungen. Besonders in Brownfield-Umgebungen mit veralteter OT-Hardware und -Software erschweren etablierte Praktiken und Bedenken hinsichtlich der Komplexität die nahtlose Integration innovativer Sicherheitslösungen. BxC Security, ein Cybersicherheitsunternehmen im Bereich der Operational Technology (OT) und Industrial Internet of Things (IIoT), hat… First…
-
Hardware Cryptographic Accelerators to Enhance Security Without Slowing Down
by
in SecurityNewsFrom smartphones to smart homes and even industrial applications, embedded systems are everywhere. But as these systems become more prevalent in our daily lives, the risks of cyber threats grow just as fast. That’s why it’s essential to build security into these embedded systems by design. And just as important as security itself is how……
-
Lifecycle-Managementlösung für FIDO-Schlüssel
by
in SecurityNewsThales gibt die Einführung von bekannt. Dabei handelt es sich um eine neue Lösung, die großen Unternehmen bei der erfolgreichen Bereitstellung und Verwaltung von FIDO-Sicherheits-Passkeys im großen Maßstab helfen soll. One-Welcome-FIDO-Key-Lifecycle-Management kombiniert eine interoperable Managementplattform mit den FIDO-Hardware-Sicherheitsschlüsseln von Thales (Passkeys). Der Anbieter hat sie eigens für die Nutzung in großen Unternehmen entworfen. Die […] First seen on…
-
CHERI Security Hardware Program Essential to UK Security, Says Government
by
in SecurityNewsNCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cheri-security-hardware-uk-security/
-
Intel Patched 374 Vulnerabilities in 2024
by
in SecurityNewsIntel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects. The post Intel Patched 374 Vulnerabilities in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/intel-patched-374-vulnerabilities-in-2024/
-
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
by
in SecurityNewsImagine you’re considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization’s environment.…
-
Fortifying cyber security: What does secure look like in 2025?
by
in SecurityNews
Tags: access, ai, attack, authentication, business, compliance, cyber, cybercrime, cybersecurity, deep-fake, exploit, finance, Hardware, intelligence, least-privilege, malware, mfa, nis-2, phishing, regulation, resilience, risk, risk-management, scam, software, threat, training, update, vulnerability, zero-trustThe evolving cybersecurity landscape has increased security pressures for IT leaders. With the World Economic Forum estimating, the global cost of cybercrime is projected to reach $10.5trillion annually in 2025, the situation is only escalating[1]. The rise of new technologies, such as Artificial Intelligence (AI), and the complexities introduced by flexible working have made IT…
-
The Explosion of Hardware-Hacking Devices
Due to the growing popularity of the ESP32 IoT platform adoption by security professionals, this article raises several security concerns addressing firmware attacks that could target this user population and what you can do to protect yourself. Introduced in August 2020 following a $4.8 million Kickstarter campaign, the FlipperZero quickly became one of the most……
-
Die besten Cyber-Recovery-Lösungen
by
in SecurityNews
Tags: access, ai, backup, business, cloud, cyber, cyberattack, data, detection, endpoint, Hardware, incident response, mail, malware, microsoft, mitigation, monitoring, ransomware, risk, saas, service, software, threat, tool, update, vulnerability, zero-trust -
Zyxel won’t patch endlife routers against zero-day attacks
Networking hardware vendor Zyxel has no plans to patch multiple end-of-life routers against new zero-day flaws and advises customers to replace affected devices entirely. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366618782/Zyxel-wont-patch-end-of-life-routers-against-zero-day-attacks
-
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
by
in SecurityNewsThe Taiwanese hardware maker says it has no plans patch the flaws impacting legacy router models First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/
-
CISA Releases New Guidelines to Secure Firewalls, Routers, and Internet-Facing Servers
by
in SecurityNews
Tags: cisa, cyber, cybersecurity, firewall, Hardware, infrastructure, international, Internet, network, router, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new set of guidelines to fortify firewalls, routers, internet-facing servers, and other edge devices against cyber threats. This collaborative guidance, supported by leading international cybersecurity organizations, aims to address vulnerabilities in hardware that form the backbone of critical infrastructure and operational networks worldwide. Edge devices”,…
-
AMD patches microcode security holes after accidental early disclosure
by
in SecurityNewsAMD on Monday issued two patches for severe microcode security flaws, defects that AMD said “could lead to the loss of Secure Encrypted Virtualization (SEV) protection.” The bugs were inadvertently revealed by a partner last week. The most dangerous time for this kind of security hole is right after it is disclosed and before patches…
-
Medizinischer Überwachungsmonitor: Hintertür in Contec CMS8000 entdeckt
by
in SecurityNewsAngreifer können medizinische Hardware von Contec attackieren. Dabei kann Schadcode auf Geräte gelangen. Bislang gibt es kein Sicherheitsupdate. First seen on heise.de Jump to article: www.heise.de/news/Medizinischer-Ueberwachungsmonitor-Hintertuer-in-Contec-CMS8000-entdeckt-10267466.html
-
Want to be an effective cybersecurity leader? Learn to excel at change management
by
in SecurityNews
Tags: authentication, awareness, business, cio, ciso, cloud, compliance, corporate, cybersecurity, finance, fraud, group, guide, Hardware, identity, jobs, password, privacy, risk, risk-management, service, skills, software, strategy, technology, threat, vulnerability, zero-trustIf there’s one thing that’s inevitable in cybersecurity, it’s change. Ever-evolving technology requires new protections, threats seem to multiply and morph on a daily basis, and even the humblest pieces of software and hardware demand constant updating to stay secure.That work has been increasing as the importance, visibility, and impact of security initiatives have ramped…
-
Geräte-Lifecycle im Griff – Sicherheit von Hardware und Firmware kommt zu kurz
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-it-sicherheitsherausforderungen-unternehmen-2025-a-b26dd91a2c45062499c15e8e5ff097c5/
-
Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data
by
in SecurityNewsResearchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance counters (HPCs), meant for performance monitoring, can be exploited by Virtual Machine Managers (VMMs) to…
-
ETW Threat Intelligence and Hardware Breakpoints
by
in SecurityNewsLearn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/etw-threat-intelligence-and-hardware-breakpoints/
-
10 top XDR tools and how to evaluate them
by
in SecurityNews
Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-dayLittle in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…