amd epyc processor | Breaking Cybersecurity News | The Hacker News

AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs researchers, critical vulnerabilities ( RyzenFall, MasterKey, Fallout, and Chimera ) that affect AMD's Platform Security Processor (PSP) could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. Although exploiting AMD vulnerabilities require admin access, it could help attackers defeat important security features like Windows Credential Guard, TPMs, and virtualization that are responsible for preventing access to the sensitive data from even an admin or root account. In a press release published by AMD on Tuesday, the company downplays the threat by saying that, "any attacker gaining unauthorised ad

Security researchers claimed to have discovered 13 critical Spectre/Meltdown -like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. All these vulnerabilities reside in the secure part of the AMD's Zen architecture processors and chipsets—typically where device stores sensitive information such as passwords and encryption keys and makes sure nothing malicious is running when you start your PC. The alleged vulnerabilities are categorized into four classes—RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY—and threaten wide-range of servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors. Discovered by a team of researchers at Israel-based CTS-Labs, newly disclosed  unpatched vulnerabilities defeat AMD's Secure Encrypted Virtualization (SEV) technology and could

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or