Spectre-NG | Breaking Cybersecurity News | The Hacker News

Security researchers from Microsoft and Google have discovered a fourth variant of the data-leaking Meltdown-Spectre security flaws impacting modern CPUs in millions of computers, including those marketed by Apple. Variant 4 comes weeks after German computer magazine Heise reported about a set of eight Spectre-class vulnerabilities in Intel CPUs and a small number of ARM processors, which may also impact AMD processor architecture as well. Variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715), known as Spectre, and Variant 3 (CVE-2017-5754), known as Meltdown, are three processor vulnerabilities disclosed by Google Project Zero researchers in January this year. Now, Microsoft and Google researchers have disclosed Variant 4 (CVE-2018-3639), dubbed Speculative Store Bypass , which is a similar Spectre variant that takes advantage of speculative execution that modern CPUs use to potentially expose sensitive data through a side channel. Speculative execution is a core component...

A team of security researchers has reportedly discovered a total of eight new " Spectre-class " vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well. Dubbed Spectre-Next Generation , or Spectre-NG , the partial details of the vulnerabilities were first leaked to journalists at German computer magazine Heise, which claims that Intel has classified four of the new vulnerabilities as "high risk" and remaining four as "medium." The new CPU flaws reportedly originate from the same design issue that caused the original Spectre flaw , but the report claims one of the newly discovered flaws allows attackers with access to a virtual machine (VM) to easily target the host system, making it potentially more threatening than the original Spectre vulnerability. "Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret k...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...