An academic collaboration—between research departments at Georgia Institute of Technology and Ruhr University Bochum—has produced two white paper studies that disclose details regarding the vulnerable nature of certain generations of Apple Silicon. The documents were made available online earlier in the week; readily accessible through their Predictors.Fail webpage. The "SLAP" attack paper's moniker is derived/abbreviated from its long-form title: "Data Speculation Attacks via Load Address Prediction on Apple" Silicon. A similarly uncatchy acronymization has been generated by the second paper's full title: "Breaking the Apple M3 CPU via False Load Output Predictions"—aka "FLOP" attack. The North American and German security research teams have partnered up in the past—their "iLeakage" speculative execution side-channel attack was documented back in October 2023.

Spectre and Meltdown are the original, and likely most famous/notorious examples of speculative execution CPU vulnerability—owners of particular processor architectures were affected at the start of 2018. The Predictors.Fail bulletin proposes that the latest side-channel attacks affect Apple hardware of 2021 vintage and beyond. The teams introduced SLAP as: "a new speculative execution attack that arises from optimizing data dependencies, as opposed to control flow dependencies." They believe that Apple models: "starting with the M2 and A15 are equipped with a Load Address Predictor (LAP), which improves performance by guessing the next memory address the CPU will retrieve data from based on prior memory access patterns. However, if the LAP guesses wrong, it causes the CPU to perform arbitrary computations on out-of-bounds data, which should never have been accessed to begin with, under speculative execution. Building on this observation, we demonstrate the real-world security risks of the LAP via an end-to-end attack on the Safari web browser, where an unprivileged remote adversary can recover email content and browsing behavior."

The CHERI Alliance CIC (Community Interest Company) today announced its official launch and the expansion of its membership, welcoming Chevin Technology (UK), Critical Technologies (USA), the Defence Science and Technology Laboratory (DSTL, UK), Google (USA), Light Momentum Technology Corporation (Taiwan), National Cyber Security Centre (NCSC, a part of GCHQ, UK), Parvat Infotech (India), SRI International (USA), TechWorks (UK), Trusted Computer Center of Excellence (USA), the University of Birmingham (UK), and the University of Glasgow (UK) as founding members.

Founded to unite hardware security leaders and system developers, the CHERI Alliance aims to establish CHERI (Capability Hardware Enhanced RISC Instructions) as the new standard for memory safety and scalable software compartmentalization.

We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Western Digital has declared that its My Cloud online service has been compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."

Over the past couple of years there has been a huge increase in ransomware attacks, and now scientists claim to have a solution that could help protect SSDs from getting encrypted by ransomware. The SSD-Insider++, as the solution has been named, claims to be able to detect ransomware activity and reverse the encryption on the fly.

SSD-Insider++ was developed by a group of engineers from South Korea's Inha University, Daegu Institute of Science and Technology, and the Cyber Security Department at Ewha Womans University (EWU), as well as a researcher from the University of Central Florida in the US. It's a firmware level based protection that looks for patterns of ransomware activity on the drive and stops it before any damage has been done.

Acer Inc. (TWSE: 2353) announced its financial results for the second quarter of 2020: consolidated revenues were NT$65.58 billion; gross profits were NT$7.14 billion with 10.9% margin; operating income was NT$2.13 billion, marking a record high[1] margin of 3.2%; earnings before tax was NT$1.65 billion; and net income was NT$1.20 billion with earnings per share (EPS) of NT$0.40. In the six months ended June 30, 2020, Acer's net income reached NT$1.75 billion, up 57.2% year-on-year (YoY) with EPS of NT$0.58.

In Q2, Acer saw strong business momentum due to work-from-home and distance learning needs in the EMEA (Europe, Middle East, Africa) and Pan America regions, while Pan Asia Pacific continued its recovery from the pandemic lockdown. At the same time, Acer's multiple business engines continued their strong momentum; notable performances in Q2 net income include Acer Cyber Security with 24% growth YoY, Weblink International with 25% growth YoY, and Acer Synergy Tech with 88% growth YoY.

Today, Lenovo, is announcing updates to its portfolio of education solutions to support schools adopting new curriculums and pedagogy as they head back to class in the Fall during the global health crisis. More than 1 billion students, over 90 percent of the world's learners, have been impacted by school closures in 2020i. In response to disrupted school calendars, educators are implementing distancing learning programs and hybrid learning scenarios - a combination of distance and in-classroom learning. Schools and districts require education-ready devices, more secure platforms, as well as compelling and effective digital content to engage students under changing learning conditions. From purpose-built laptops and tablets, software and content for education to immersive learning with virtual reality (VR) solutions, Lenovo is providing teachers and students the tools needed for schools' expanding digital ecosystems.

Air-ViBeR is a new cyber-security vulnerability that uses changes in your PC's fan vibrations to sneak out data through an elaborate, convoluted method involving more than one compromised device. There is an infinitesimal and purely mathematical chance of this type of cyberattack affecting you, however one can't help but admire the ingenuity behind it, the stuff of Hollywood.

Created by Mordechai Guri at the Cyber Security Research Center at Ben-Gurion University, Israel, Air-ViBeR involves a compromised PC regulating its fan-speeds to alter the PC's acoustics rapidly, to relay data to an Internet-connected listening device, such as a compromised smartphone, which then converts those vibrations into ones and zeroes to transmit to the web. There's no way this method will transmit a your 100-gigabyte C: in a lifetime, let alone the few hours that your smartphone is placed on the same desk as your PC; but the attacker would look for something specific and something that fits within 4 KB (one block, or 32,768 bits). Guri demonstrated his method and wrote a paper on it explaining what he calls "air gap covert channels."A video presentation by Mordechai Guri follows.

Gryphon Online Safety, Inc. today announced the commercial launch of its new product the Gryphon Guardian, the lowest known entry cost in the market at $119 for an all-in-one mesh WiFi security router and parental control system, making online security and digital parenting accessible to all. Gryphon Guardian is mesh compatible with the original Gryphon. The company is offering an early bird 30% off special between November 28-December 31 2019 direct from Gryphon Online Safety.

Gryphon Online Safety wants to help families protect all of their homes' devices from hacker intrusions, malware threats, to prevent kids from being exposed to inappropriate content, and to equip parents with tools to promote healthy screen time for their children. The company's purpose is to help each person reach their full potential by creating an online environment that is safe, reliable, and enjoyable.

Today, leading technology companies announced the creation of the Cyber Security Research Alliance (CSRA). The CSRA is a private, non-profit research consortium formed in response to the growing need for increased public-private collaboration to address complex problems in cyber security. The founding members of the CSRI are Advanced Micro Devices (AMD), Honeywell, Intel Corporation, Lockheed Martin, and RSA/EMC.

President Obama has prioritized cyber threats as one of the most serious economic and national security challenges we face as a nation and a dependency to America's economic prosperity in the 21st century.

Today, leading technology companies announced the creation of the Cyber Security Research Alliance (CSRA). The CSRA is a private, non-profit research consortium formed in response to the growing need for increased public-private collaboration to address complex problems in cyber security. The founding members of the CSRI are Advanced Micro Devices (AMD), Honeywell, Intel Corporation, Lockheed Martin, and RSA/EMC.

President Obama has prioritized cyber threats as one of the most serious economic and national security challenges we face as a nation and a dependency to America's economic prosperity in the 21st century.

CSRA seeks to achieve coordinated industry participation to address national cyber security research and development (R&D) imperatives and bridge the gap between government funded R&D and commercially available products and solutions in cyber security. CSRA will focus on challenges that are bigger than any one company, consortium, sector or nation and ensure that government, industry and academia collaborate on in-depth problem understanding and definition.