Recent Security News
-
Intel Sued Over ‘Downfall’ CPU Vulnerability
November 10, 2023 at 09:36AM A class action lawsuit has been filed against Intel over its handling of speculative execution vulnerabilities, specifically the “Downfall” attack. Plaintiffs claim that Intel CPUs are defective, leaving them vulnerable to cyberattacks or with significantly slower performance due to vulnerability fixes. The complaint accuses Intel of selling flawed CPUs despite…
-
France, UK Seek Greater Regulation of Commercial Spyware
November 10, 2023 at 09:36AM France and Britain are advocating for increased global regulation of surveillance software following recent spyware scandals involving Pegasus and Predator. They warned against the unregulated development and use of surveillance technology, citing concerns about security, stability, and human rights. The legal availability of commercial spyware is becoming a growing risk,…
-
First Wave of Vulnerability-Fixing AIs Available for Developers
November 10, 2023 at 07:59AM GitHub has introduced a new code scanning autofix feature as part of its Advanced Security program. The feature uses CodeQL, GitHub’s static-analysis scanner, to identify critical vulnerabilities in code and suggest fixes. This AI-powered tool aims to reduce developers’ time spent on fixing issues and improve the efficiency of vulnerability…
-
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
November 10, 2023 at 07:51AM Russian hackers Sandworm targeted a Ukrainian electrical substation, causing a brief power outage in October 2022. The attack involved using OT-level living-off-the-land techniques and a variant of CaddyWiper malware. The exact initial vector remains unclear, but the incident highlights Sandworm’s ongoing efforts to disrupt Ukraine’s power grid. Asset owners globally…
-
US Government Issues Guidance on SBOM Consumption
November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of…