Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack. [TechWeb]( Follow Dark Reading: [RSS]( July 14, 2022 LATEST SECURITY NEWS & COMMENTARY [Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs]( "Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack. [QuickBooks Vishing Scam Targets Small Businesses]( Businesses receive an invoice via email with a credit card charge and are asked to call a fake number and hand over personal information to receive a refund. [3 Golden Rules of Modern Third-Party Risk Management]( It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world. [Keep Humans in the Loop in SOC Operations]( Machine learning and automation can help free up security pros for higher-value tasks. [Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication]( The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials. [MacOS Bug Could Let Malicious Code Break Out of Application Sandbox]( Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials]( Scams pressure victims to "resolve an issue that could impact their status, business." [Identity Access Management Is Set for Exploding Growth, Big Changes — Report]( New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working. [Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out]( It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems. [MORE]( EDITORS' CHOICE [Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now]( July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler. LATEST FROM THE EDGE [Internet Searches Reveal Surprisingly Prevalent Ransomware]( Two mostly defunct threats — WannaCry and NonPetya — top the list of ransomware searches, but does that mean they are still causing problems? LATEST FROM DR TECHNOLOGY [Welcome-Back-to-the-Future Shock]( This year's RSA Conference saw a strange mix of selling the future and the past — for good reason. WEBINARS - [Assessing Cyber Risk]( Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ... - [Building and Maintaining Security at the Network Edge]( Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [Five Best Practices for AWS Security Monitoring]( - [The Many Risks of Modern Application Development]( - [The Many Facets of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Optimizing Endpoint Protection]( [View More White Papers >>]( FEATURED REPORTS - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Exostar Empowers SMBs with Enhanced, Low-Cost, Easy-to-Use Microsoft 365 and CMMC 2.0 Solutions]( [New Research Reveals 93% of Organizations Surveyed Have Had Failed IIoT/OT Security Projects]( [US Government and QuSecure Orchestrate First-Ever Post-Quantum Encryption Communication over a Government Network]( [Survey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger Enterprises]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [What Every Enterprise Should Know About Security Product Testing]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)