More than half of IT professionals are extremely concerned about the security of corporate endpoints in the face of sophisticated attack vectors like ransomware, disruptionware, phishing and others.
- This new speculative-execution-based attack exploits flaws in the CPU architecture to potentially leak information from protected memory
- Dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), this is a novel attack (CVE-2020-0551)
- Bitdefender has developed a synthetic Proof of Concept which demonstrates the viability of this new attack
- Existing mitigations for previous attacks, such-as Meltdown, Spectre, and MDS are not sufficient to completely remove the new vulnerability
A Brief History Leading to LVI-LFB
In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. Meltdown allows an attacker to speculatively access memory that is inaccessible, while Spectre allows an attacker to alter the branch prediction structures in order to gain speculative arbitrary code execution. In 2019, another class of microarchitectural side-channel attacks was disclosed: Microarchitectural Data Sampling, or MDS. It allows an attacker to pick-up in-flight data from various microarchitectural data structures (line fill buffers or LFBs - MFBDS, load ports - MLPDS or store buffers - MSBDS).
The username/password combo is still the dominant method of authentication used to access business devices, apps and data. Conversely, the password is still the top attack vector for organizations of all sizes, new research shows.
More than half of healthcare vendors have suffered at least one breach of protected health data belonging to patients of the healthcare providers they serve, new research shows. On average, a breach exposes around 10,000 patient records and inflicts $2.75 million in damages.
The word “ransomware” strikes fear in the hearts of chief technical officers. Their impulse in the face of an attack is to say it was random, but that’s usually not true. Targeted ransomware is the result of a complex process that involves more than just the initial infection – and it presents more challenges than a regular incident.
Recently, a facial recognition vendor that consolidates billions of photos to fuel its artificial intelligence (AI) people-searching platform admitted to a major breach. On its surface, the incident is a pretty standard exposure of client list details. But scratch a little deeper and the problems inherent with the breach highlight some of the dangers and cyber risks hiding under the gigantic iceberg that is AI technology today.
A wide range of information is lost in a data breach, starting from more innocuous things like an email address to more dangerous items such as financial details. In a recent survey, 20% of the people interviewed had their financial data leaked in a data breach.
One of the biggest weaknesses in any environment is maintaining effective authentication and authorization controls.
Fewer than one in four city employees receive cyber training related to ransomware threats as budgets for managing cyberattacks have stagnated across U.S. state institutions.
Physical security systems across Europe are not properly optimized and some of them need improvements in 2020, according to a survey of 1,000 IT decision-makers.
Insider threats present themselves in a variety of ways, and a person isn’t always responsible. Most insider threats are a mix of technology, personnel, and security, according to officials from the US Department of State.
More and more businesses are falling victim to Business Email Compromise, where scammers fool companies into transferring money into the bank accounts of criminals.
