Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday. Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. READ MORE...
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. When ransomware gangs conduct attacks, they quietly steal corporate data. After harvesting everything of value, the threat actor starts to encrypt devices. READ MORE...
One of the primary hallmarks of an advanced persistent threat (APT) group is its ability to operate undetected for years while carrying out its specific mission. The newest example is "Aoqin Dragon," a China-based APT actor that researchers at SentinelOne recently discovered has been spying on organizations across multiple countries for the past 10 years. The group's primary mission appears to be cyber espionage, and its targets have included organizations in Australia, Cambodia, Hong Kong, and others. READ MORE...
Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that's seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year. READ MORE...
Siemens and Schneider Electric have released their Patch Tuesday advisories for June 2022. The industrial giants have addressed a total of more than 80 vulnerabilities affecting their products. Siemens has released 14 advisories covering 59 vulnerabilities. Thirty of these flaws, including many rated "critical" and "high severity," impact SINEMA Remote Connect Server. Schneider Electric has released eight advisories to address 24 vulnerabilities identified in its products. READ MORE...
Adobe's security response team has pushed out a massive batch of patches to cover at least 46 vulnerabilities in a wide range of enterprise-facing software products. As part of its scheduled Patch Tuesday release for June, Adobe warned of "critical" code execution flaws that expose both Windows and macOS users to malicious hacker attacks. The most serious of the documented flaws affect Adobe Animate, Adobe Bridge, Adobe Illustrator, Adobe InCopy and Adobe InDesign. READ MORE...
Citrix on Tuesday warned of a critical vulnerability in Citrix Application Delivery Management (ADM) that could essentially allow an unauthenticated attacker to log in as administrator. A centralized management solution, Citrix ADM provides visibility into application delivery infrastructure and simplifies operations through automated management jobs. It is deployed as a server that communicates with agents installed on externally managed appliances. READ MORE...