Google Security Research team has just published its latest research on a fundamental flaw in the microcode patch verification system that affects AMD processors from "Zen 1" through "Zen 4" generations. The vulnerability stems from an inadequate hash function implementation in the CPU's signature validation process for microcode updates, enabling attackers with local administrator privileges (ring 0 from outside a VM) to inject malicious microcode patches, potentially compromising AMD SEV-SNP-protected confidential computing workloads and Dynamic Root of Trust Measurement systems. Google disclosed this high-severity issue to AMD on September 25, 2024, leading to AMD's release of an embargoed fix to customers on December 17, 2024, with public disclosure following on February 3, 2025; however, due to the complexity of supply chain dependencies and remediation requirements, comprehensive technical details are being withheld until March 5, 2025, allowing organizations time to implement necessary security measures and re-establish trust in their confidential compute environments.

AMD has released comprehensive mitigation measures through AGESA firmware updates across its entire EPYC server processor lineup, from the first-generation Naples to the latest Genoa-X and Bergamo architectures. The security patch, designated as CVE-2024-56161 with a high severity rating of 7.2, introduces critical microcode updates: Naples B2 processors require uCode version 0x08001278, Rome B0 systems need 0x0830107D, while Milan and Milan-X variants mandate versions 0x0A0011DB and 0x0A001244 respectively. For the latest Genoa-based systems, including Genoa-X and Bergamo/Siena variants, the required microcode versions are 0x0A101154, 0x0A10124F, and 0x0AA00219. These updates implement robust protections across all SEV security features - including SEV, SEV-ES, and SEV-SNP - while introducing new restrictions on microcode hot-loading capabilities to prevent future exploitation attempts.

Broadcom Inc. today announced an industry-first—the new, innovative Emulex Secure Fiber Channel Host Bus Adapters (HBA)—a cost-effective, easy-to-manage solution that encrypts all data as it moves between servers and storage.

Encrypting mission-critical data is no longer a nice-to-have, but a must-have. The cost of ransomware attacks continues to rise with attacks in 2024 costing USD $5.37 million on average per attack. Upcoming generative AI and quantum computers magnify the risk if data is not encrypted at all points in the data center including the network.

Companies and organizations are increasingly using AI to protect their customers and thwart the efforts of fraudsters around the world. Voice security company Hiya found that 550 million scam calls were placed per week in 2023, with INTERPOL estimating that scammers stole $1 trillion from victims that same year. In the U.S., one of four noncontact-list calls were flagged as suspected spam, with fraudsters often luring people into Venmo-related or extended warranty scams.

Traditional methods of fraud detection include rules-based systems, statistical modeling and manual reviews. These methods have struggled to scale to the growing volume of fraud in the digital era without sacrificing speed and accuracy. For instance, rules-based systems often have high false-positive rates, statistical modeling can be time-consuming and resource-intensive, and manual reviews can't scale rapidly enough.

Dear Operator, to maintain a fair gaming environment and improve your experience, G.T.I. Security is committed to fighting every kind of cheat. We previously announced our efforts against DMA cheats. Now, we're introducing our measures against VT cheats.

How VT Cheats Differ from Traditional Cheats
Unlike DMA cheats, VT cheats operate at the hypervisor level and leverage virtualization technology, giving them higher privileges than the security systems. As a result, VT cheats can virtualize the operating system before the game even starts, thus leaving no traces in the computer's actual operating environment. With its built-in KernelBase anti-cheat toolkit, Delta Force is able to detect and neutralize VT cheats quickly and accurately.

According to a recent, global Recon Analytics survey commissioned by Seagate Technology, business leaders from across 15 industry sectors and 10 countries expect that adoption of artificial intelligence (AI) applications will generate unprecedented volumes of data, driving a boom in demand for data storage, in particular cloud-based storage. With hard drives delivering scalability relative to terabyte-per-dollar cost efficiencies, cloud service providers rely on hard drives to store mass quantities of data.

Recently, analyst firm IDC estimated that 89% of data stored by leading cloud service providers is stored on hard drives. Now, according to this Recon Analytics study, nearly two-thirds of respondents (61%) from companies that use cloud as their leading storage medium expect their cloud-based storage to grow by more than 100% over the next 3 years. "The survey results generally point to a coming surge in demand for data storage, with hard drives emerging as the clear winner," remarked Roger Entner, founder and lead analyst of Recon Analytics. "When you consider that the business leaders we surveyed intend to store more and more of this AI-driven data in the cloud, it appears that cloud services are well-positioned to ride a second growth wave."

Synology today announced the general availability of ActiveProtect, a new line of data protection appliances that integrate enterprise backup software, server, and backup repository into a unified solution. Designed to simplify complex data protection, ActiveProtect offers comprehensive platform support, advanced security, and scalability, all with a transparent pricing model.

"Data protection should empower businesses, not burden businesses," said Jia-Yu Liu, Executive Vice President at Synology. "ActiveProtect embodies Synology's expertise in hardware and software engineering and insights from close collaboration with customers. We are confident that ActiveProtect will exceed enterprises' expectations for data protection."

A new security breach is trying to pump the brakes on Path Of Exile 2's overwhelmingly positive late 2024 launch, as a mysterious hack appears to be making the rounds in the new RPG, although the source of the vulnerability is yet to be identified. According to a growing number of posts on the Path of Exile 2 forum, subreddit, and even the game's Steam reviews, players are apparently logging into their PoE 2 accounts only to find that all their loot and gear they've now spent dozens or even hundreds of hours grinding for, has been removed from their accounts. The most alarming thing is that nobody seems to know how these hacks are happening. Some players say they changed their main email address and Steam login passwords days before they were hacked, and most seem to have no Steam 2FA requests, suggesting that there is either a security issue with the Path of Exile 2 game servers or there is some sort of session hijacking happening that is giving bad actors access to player accounts.

Until now, Grinding Gear Games, the developer behind Path of Exile 2, has not openly commented on the hacking incidents, with a single comment from the support team on the forum advising players to email support about it if they encounter such instances. According to the Steam review mentioning an account hacking incident, however, the player managed to track down the hacker on his own, subsequently contacted support and posted about it in the PoE 2 forum, and asked the moderator to assist in preventing the sale of the rest of his goods. This attempt was apparently enough to get the gamer's forum posts removed and put on probation. Meanwhile, the support request was met even more unkindly, with PoE 2 support going so far as to lock him out of his own account. He also isn't alone, with others in the Path of Exile 2 forum reporting that sharing the in-game name of their alleged hacker with support has led to their game account being locked.

Advantech, a leading provider of AIoT platforms and services, proudly unveils its latest AI acceleration modules: the EAI-1200 and EAI-3300, powered by Hailo-8 AI processors. These modules deliver AI performance of up to 52 TOPS while achieving more than 12 times the power efficiency of comparable AI modules and GPU cards. Designed in standard M.2 and PCIe form factors, the EAI-1200 and EAI-3300 can be seamlessly integrated with diverse x86 and Arm-based platforms, enabling quick upgrades of existing systems and boards to incorporate AI capabilities. With these AI acceleration modules, developers can run inference efficiently on the Hailo-8 NPU while handling application processing primarily on the CPU, optimizing resource allocation. The modules are paired with user-friendly software toolkits, including the Edge AI SDK for seamless integration with HailoRT, the Dataflow Compiler for converting existing models, and TAPPAS, which offers pre-trained application examples. These features accelerate the development of edge-based vision AI applications.

EAI-1200 M.2 AI Module: Accelerating Development for Vision AI Security
The EAI-1200 is an M.2 AI module powered by a single Hailo-8 VPU, delivering up to 26 TOPS of computing performance while consuming approximately 5 watts of power. An optional heatsink supports operation in temperatures ranging from -40 to 65°C, ensuring easy integration. This cost-effective module is especially designed to bundle with Advantech's systems and boards, such as the ARK-1221L, AIR-150, and AFE-R770, enhancing AI applications including baggage screening, workforce safety, and autonomous mobile robots (AMR).

KIOXIA America, Inc. today announced that the cryptographic module used in KIOXIA CM7 Series PCIe 5.0 NVMe Enterprise SSDs has been validated to meet Federal Information Processing Standard (FIPS) 140-3, Level 2 for cryptographic modules.

The FIPS 140-3 standard specifies a set of security requirements of the Cryptographic Module Validation Program administered by the National Institute of Standards and Technology (NIST), used as a security metric for federal agencies to procure validated IT equipment. Companies and federal agencies may prefer or may now be required to deploy newer, more stringent government standards - which SSDs validated to FIPS 140-3 requirements would meet. Compared to the previous FIPS 140-2 requirements, 140-3 provides higher standards for SSDs, including a stronger authentication method and updated implementation guidance.

Acrosser Technology, a leader in edge computing platforms and embedded computers, is proud to announce the NSA-50A1 Desktop Network Appliance, an entry-level customer premises equipment (CPE) designed for growing businesses and network providers. Powered by the Intel Atom C3338R Processor, the NSA-50A1 addresses the rising demand for edge security computing driven by the widespread adoption of mobile devices and their diverse applications.

This user-friendly device is the perfect solution for LAN security gateways, firewalls, and data collection and processing, making it an ideal choice for work-from-home networks, retail point-of-sale systems, and edge computing deployments.

To address the growing demands for agile embedded networking, intelligent edge, and secure communication, Advantech, a leading provider of network security solutions, has launched a new series of x86 network appliances: FWA-6183, FWA-5082, and FWA-1081. Powered by AMD EPYC 9004 and 8004, and AMD Ryzen V3000 series processors, this series delivers advanced computing performance, high bandwidth, and lower TDP. These appliances are optimized for a wide range of workloads, from SMEs to larger-scale enterprise of network security applications, including edge computing, WAN optimization, DPI/IPS/IDS, SD-WAN/SASE, and NGFW/UTM.

Key AMD Embedded Network Advantages
AMD EPYC & Ryzen Series Processors:

• Breakthrough Performance
• Up to 96 cores/192 threads, ensuring scalable processing power.
• Expansive I/O Options
• PCIe Gen 5 with up to 128 lanes for high bandwidth and maximum I/O flexibility
• Optimized Power Efficiency

Transcend Information Inc. (Transcend ), a leading global manufacturer of memory storage solutions, announces the launch of its new CFX735 and CFX735I CFast cards. These cards feature built-in write protection technology, designed specifically for professional applications that require secure data storage and stable, high-performance write capabilities.

Leveraging 112-layer 3D NAND flash technology and a SATA III 6 Gb/s interface, this series offers exceptional read/write speeds and large storage capacities. Whether you're dealing with data-intensive applications or operating in demanding environments, these cards deliver reliable performance. The CFX735 operates in a temperature range of -5°C to 70°C, while the CFX735I is built for extreme environments, functioning reliably from -40°C to 85°C, perfect for outdoor and temperature fluctuating scenarios.

The CHERI Alliance CIC (Community Interest Company) today announced its official launch and the expansion of its membership, welcoming Chevin Technology (UK), Critical Technologies (USA), the Defence Science and Technology Laboratory (DSTL, UK), Google (USA), Light Momentum Technology Corporation (Taiwan), National Cyber Security Centre (NCSC, a part of GCHQ, UK), Parvat Infotech (India), SRI International (USA), TechWorks (UK), Trusted Computer Center of Excellence (USA), the University of Birmingham (UK), and the University of Glasgow (UK) as founding members.

Founded to unite hardware security leaders and system developers, the CHERI Alliance aims to establish CHERI (Capability Hardware Enhanced RISC Instructions) as the new standard for memory safety and scalable software compartmentalization.

Kensington, a worldwide leader of desktop computing and mobility solutions for IT, business, and home office professionals, is greatly enhancing the visual productivity of MacBook users with today's launch of the SD5900T EQ Thunderbolt 4 Quad 4K 40 Gbps Dock with DisplayLink Technology.

Ideal for busy professionals juggling multiple tasks and projects, the powerful and stylish dock unlocks the full potential of the MacBook by providing support for up to four external displays, 40 Gbps data transfer speeds, up to 100 W (96 W certified) charging for the MacBook and connected accessories, and a 16-in-1 design. Optimized to support MacBook running macOS 11 or above, the SD5900T leverages the power of Thunderbolt 4 and DisplayLink technology to expand the user's visual workspace, boost productivity, and provide a future-proof solution for the MacBook workstation.

AMI, the global leader in Dynamic Firmware for worldwide computing, has partnered with Samsung Electronics, the global leader in consumer technology, to create an enhanced joint security solution available in Samsung's Galaxy Book PCs. Alongside Samsung's multi-layer security platform Samsung Knox, AMI's Tektagon - the industry-leading Platform Root of Trust firmware security solution - is now integrated into Samsung PCs including the Galaxy Book5 Pro 360, Galaxy Book4 Pro, Galaxy Book4 Pro 360, and Galaxy Book4 Ultra.

Through this collaborative partnership, AMI's Tektagon seamlessly integrates with Samsung Knox to ensure that confidential and sensitive data stays safe at every layer of the device through real-time threat detection and collaborative protection, while providing the highest level of security against firmware-injected malware to help prevent ransomware and denial of service attacks.

A new vulnerability was recently discovered in a widely used print server that is installed by default on many Linux and Unix-based systems with a graphical user interface. The primary attack vector for the vulnerability is the CUPS (Common Unit Printing System) print scheduler, specifically cups-browsed, and has the potential to execute code remotely with zero user interaction required.

The vulnerability has reportedly been given a CVSS score of 9.9 by RHEL and Canonical, although this score is hotly debated, with some arguing it should have a lower score, because, although code can be remotely downloaded to the system, it cannot be executed without user intervention. Fortunately, there is no evidence of the vulnerability having been exploited, although the disclosure was leaked online ahead of a planned private reveal in October, prompting the developer that discovered the vulnerability to post the full explanation in a write-up on their blog. This being the case, the vulnerability could very well start being exploited by malicious actors.

The Bluetooth Special Interest Group (SIG), the organization that oversees Bluetooth technology, announced the release of Bluetooth Channel Sounding, a new secure, fine-ranging feature that promises to enhance the convenience, safety, and security of Bluetooth connected devices. By enabling true distance awareness in billions of everyday devices, Bluetooth Channel Sounding opens countless possibilities for developers and users alike.

"Bluetooth technology has become an ingredient of everyday life," said Neville Meijers, CEO, Bluetooth Special Interest Group. "When connected devices are distance-aware, a range of new possibilities emerge. Adding true distance awareness to Bluetooth technology exemplifies the ongoing commitment of the Bluetooth SIG community to continuously enhance our connection with our devices, one another, and the world around us."

Multiple users have recently reported that the August 13 Windows 11 update causes issues with dual-boot Linux/Windows configurations. However, the issues are actually related to changes in UEFI Secure Boot Advanced Targeting (SBAT) policies. The issue stems from Microsoft enforcing SBAT and revoking old, exploitable certificates. Many Linux distributions use self-signed UEFI shims, which are no longer allowed due to known exploits. The new update revokes the SBAT certificates on affected, known exploitable versions of GRUB shipped with some Linux distributions. This can result in error messages like "Verifying shim SBAT data failed: Security Policy Violation" or "Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation." To resolve this issue, Linux users need to update GRUB or disable the SBAT policy on the Linux side.

It's important to note that this is not primarily a Microsoft problem, but rather a necessary security update that affects some Linux distributions using outdated or vulnerable bootloaders. For more information on SBAT revocations and the boot process, users can refer to the Ubuntu Discourse here. This problem particularly impacts software developers and gaming enthusiasts who rely on dual-boot setups. As always, it's good practice for users to back up their data before performing any system updates. Considering alternatives like using virtual machines is also a good choice for users relying on older Linux distributions.

QNAP Systems, Inc. today officially announced the release of the QTS 5.2 NAS operating system. A standout feature of this release is the debut of Security Center, which actively monitors file activities and thwarts ransomware threats. Additionally, system security receives a boost with the inclusion of support for TCG-Ruby self-encrypting drives (SED). Extensive optimizations have been implemented to streamline operations, configuration, and management processes, significantly elevating the overall user experience.

"We greatly appreciate the invaluable feedback provided by our dedicated QTS 5.2 beta testers, which has been instrumental in putting the finishing touches on this official release," said Tim Lin, Product Manager of QNAP, adding "QNAP remains committed to ensuring our data storage and management solutions stay current, offering dependable NAS storage solutions that meet the heightened expectations of today's users."

ESR, the leading brand for mobile accessories and the #1 brand for MagSafe accessories, proudly announces the launch of its latest innovation: the Cyber FlickLock Case for AirPods. This new product sets a benchmark in AirPod protection, combining ESR's exclusive FlickLock safety lock design with advanced features that enhance both security and usability.

Unmatched Security with FlickLock Lock System
The Cyber FlickLock case showcases ESR's new proprietary FlickLock safety lock, ensuring your AirPods always remain secure. The case lid is designed with a total of 7 strong magnets on the upper and lower sides, providing a powerful magnetic strength of 1480 g. The entire body is crafted from resilient TPU + PC materials, fortified with Air Guard corners that offer dual-layer shock absorption. This design provides robust drop-proof protection, safeguarding your AirPods from everyday impacts.

Zyxel Networks, a leader in delivering secure, AI-powered cloud networking solutions, has announced the launch of its USG LITE 60AX - an AX6000 WiFi 6 security router - an all-in-one unified security gateway appliance designed for small to medium businesses (SMBs), teleworkers and managed service providers (MSPs).

Providing uncompromising, subscription-free protection against online threats, fast WiFi connectivity and effortless cloud management, the USG LITE 60AX also sets an industry-leading standard for eco-friendliness, with a casing that is 95%-made from post-consumer recycled (PCR) plastic. This delivers an 81% reduction in CO2 emissions compared to ABS plastic. Zyxel Networks has also used 100% halogen-free, soy-based inks in all packaging and with a 40% reduction in the volume of packaging used, shipment is made easier, meaning less waste and supporting businesses in achieving their sustainability goals.

AMD has announced a new bug bounty program with prizes for individuals and public researchers. The company is partnering with the cloud security provider Intigriti on this new "bugs hunting campaign", this time, they have a better reward system with up to $30,000 in cash up for grab, while more people can take part. Bug bounties are not new in the industry, with modern hardware, bugs and issues have increased, this being a good way for companies to find vulnerabilities without spending too much on detection.

Individuals look for bugs, and then send a report to the company describing the bug and its impacts, AMD then gives prizes to the hunters based on factors like bug severity. It will be at least interesting to see what happens with AMD's new bug bounty program since public researchers can now take part.

(Eligible list with products and technologies below)

Zyxel Networks' firewall solutions have been awarded Champion status in the latest Professional User Ratings (PUR) survey covering security solutions from techconsult - the renowned independent German research and analysis organisation, and part of the Heise Group.

More than 3,500 security experts from user organisations took part in techconsult's Professional User Rating: Security Solutions 2024 survey. They were asked to rate products and services in a number of areas, with vendors subsequently ranked on the basis of their Solution/Technology Excellence and Company Excellence. Zyxel Networks was one of only eight vendors to achieve the top 'Champion' status, having received the highest overall Solution/Technology Excellence rating and the fourth-highest Company Excellence ranking.

QNAP Systems, Inc. is committed to enhancing the security of its products by engaging in international collaborations. Recently, the company participated in the Pwn2Own Toronto 2023 competition organized by Trend Micro's Zero Day Initiative (ZDI), resulting in valuable experiences and achievements. QNAP will continue to deepen its cooperation with international cybersecurity organizations to continuously improve product security, ensuring the best protection for users' data.

Pwn2Own is a global cybersecurity competition organized by ZDI aimed at challenging security vulnerabilities in various software and hardware. Participants utilize various techniques, including exploit and zero-day attacks, to breach target systems. This competition not only provides a platform for security experts to showcase their skills but also enables vendors to understand and address security vulnerabilities in their products, benefiting users worldwide.

The US government is investigating the potential national security risks associated with China's involvement in the development of open-source RISC-V chip technology. According to a letter obtained by Reuters, the Department of Commerce has informed US lawmakers that it is actively reviewing the implications of China's work in this area. RISC-V, an open instruction set architecture (ISA) created in 2014 at the University of California, Berkeley, offers an alternative to proprietary and licensed ISAs like those developed by Arm. This open-source ISA can be utilized in a wide range of applications, from AI chips and general-purpose CPUs to high-performance computing applications. Major Chinese tech giants, including Alibaba and Huawei, have already embraced RISC-V, positioning it as a new battleground in the ongoing technological rivalry between the United States and China over cutting-edge semiconductor capabilities.

In November, a group of 18 US lawmakers from both chambers of Congress urged the Biden administration to outline its strategy for preventing China from gaining a dominant position in RISC-V technology, expressing concerns about the potential impact on US national and economic security. While acknowledging the need to address potential risks, the Commerce Department noted in its letter that it must proceed cautiously to avoid unintentionally harming American companies actively participating in international RISC-V development groups. Previous attempts to restrict the transfer of 5G technology to China have created obstacles for US firms involved in global standards bodies where China is also a participant, potentially jeopardizing American leadership in the field. As the review process continues, the Commerce Department faces the delicate task of balancing national security interests with the need to maintain the competitiveness of US companies in the rapidly evolving landscape of open-source chip technologies.