A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines.
Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating how the processor tracks the stack, and letting a malicious insider or hypervisor change program flow or read sensitive data inside a protected VM.
Read more…
Source: Techradar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
July 17, 2020
About 8,000 users of F5 Networks’ BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution (RCE), despite a patch for a critical flaw being available for two weeks. The BIG-IP family consists of application delivery controllers, Local Traffic Managers (LTMs) and domain name system (DNS) managers, together offering built-in security, ...
- 3 Vulnerabilities Found on AvertX IP Cameras
July 17, 2020
On February 24, 2020, Palo Alto Networks Unit 42 researchers found vulnerabilities present in AvertX IP cameras running the latest firmware. Three vulnerabilities were found in AvertX IP cameras with model number HD838 and 438IR, as confirmed by AvertX. These products are surveillance cameras intended to be used outdoors with infrared and object detection technology built-in. ...
- RECON bug lets hackers create admin accounts on SAP servers
July 14, 2020
Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, who discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched. Onapsis says RECON allows malicious ...
- Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
July 14, 2020
A critical Microsoft Windows Server bug opens company networks to hackers, allowing them to potentially seize control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup. It turns out that the bug is 17 years old. Impacted are Windows Server versions from 2003-2019. The bug, ...
- Zoom Zero-Day Allows RCE, Patch on the Way
July 10, 2020
A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The issue was confirmed for Threatpost by a Zoom spokesperson. The 0patch team said that the vulnerability is present in any ...
- Patch Now: F5 Vulnerability with CVSS 10 Severity Score
July 7, 2020
F5 Networks, a provider of networking devices and services, urges users to patch their BIG-IP networking systems as soon as possible, after the provider disclosed two vulnerabilities. First of these is CVE-2020-5902, a critical remote code execution (RCE) vulnerability found in BIG-IP device’s Traffic Management User Interface (TMUI). CVE-2020-5902 received a 10 out of 10 score on the Common ...