Like the earlier Meltdown and Spectre class of bugs, the new side-channel attacks ZombieLoad, RIDL, and Fallout take advantage of weaknesses in the processor's speculative execution feature to harvest secrets from system memory.
Apple is fixing the FaceTime bug, so it is clearly serious. But how badly it will impact users depends on their personal threat models.
Several SCP clients, including OpenSSH, are vulnerable to a set of bugs that can allow an attacker to download arbitrary files.
With a 9.8 rating on the Common Vulnerability Scoring System, the privilege escalation flaw in container orchestration system Kubernetes is as bad as it can get. Any user will be able to remotely gain full administrator privileges on any node in the cluster.
IBM has been touting the potential of using Watson to help security analysts analyze large volumes of security data and make security decisions. The National Institute of Standards and Technology may be considering using AI to help determine the severity of software vulnerabilities.