A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.
A couple of weeks later, after conducting an investigation, the company revealed that only 29 million users were affected by the breach and had their personal data stolen but users’ private messages were not among them. owever, now, BBC has reported that hackers are selling private messages of 81,000 Facebook users’ accounts and claim to have access to details from a total of 120 million accounts. Most of the targeted accounts according to BBC belongs to users in Russia and Ukraine while some from Brazil, the United States, and the United Kingdom.
An academic study of nearly one million Android applications reveals that most apps contain third-party tracking code, and that “news apps and apps targeted at children appear to be amongst the worst in terms of the number of third-party trackers associated with them.”
A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core as their exploit.
The Department of Homeland Security’s new National Risk Management Center has ambitious goals for changing the way government and industry approach business. But first, it must get organized. NRMC Deputy Director Mark Kneidinger told the Information Security and Privacy Advisory Board at its Nov. 1 meeting that the center spent the past three months staffing up and building an organization with analytical capabilities.