A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines.
Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating how the processor tracks the stack, and letting a malicious insider or hypervisor change program flow or read sensitive data inside a protected VM.
Read more…
Source: Techradar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities
July 26, 2021
Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is offered as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform. Read more… Source: Bleeping Computer
- Apple fixes zero-day affecting iPhones and Macs, exploited in the wild
July 26, 2021
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher. Read more… Source: Bleeping Computer
- Fortinet fixes bug letting unauthenticated hackers run code as root
July 20, 2021
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, ...
- iPhones running latest iOS hacked to deploy NSO Group spyware
July 19, 2021
Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits. “Amnesty International has observed evidence of compromise of the iPhone XR of an Indian journalist ...
- iPhone WiFi bug morphs into zero-click hacking, but there’s a fix
July 19, 2021
Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone’s WiFi connection after trying to connect to a network with a name (SSID) that included a special character. Read more… Source: Bleeping Computer
- UK and White House blame China for Microsoft Exchange Server hack
July 19, 2021
The UK government has formally laid the blame for the Microsoft Exchange Server cyberattack at the feet of China. On Monday, the government joined others — including the victim company itself, Microsoft — in claiming the cyberattack was the work of Chinese state-sponsored hackers, namely Hafnium, an advanced persistent threat (APT) group. The United States, NATO, and ...