Zombieload Attack | Breaking Cybersecurity News | The Hacker News

Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown , Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards. The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud with common hardware. ZombieLoad v2 Affects Latest Intel CPUs Now, the same group of researchers has disclosed details of a second variant of the vulnerability, dubbed ZombieLoad v2 and tracked as CVE-2019-11135 , that r

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again. Now, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. The newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true.

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica