SPECTRE – WindowsTechs.com

What does COEP do that CSP doesn’t already do?

Posted on November 4, 2022 by Flying Penguin

Both Cross-Origin-Embedder-Policy and Content-Security-Policy seem to do pretty similar things: they restrict the document from loading certain types of subresources (e.g. cross-origin subresources). Why is COEP necessary when we already h… Continue reading What does COEP do that CSP doesn’t already do?→

Are Haswell CPUs still secure? Do they still get microcode updates?

Posted on July 20, 2022 by schaman

I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn’t tested. I keep my microcode package up-to-date, but i… Continue reading Are Haswell CPUs still secure? Do they still get microcode updates?→

This Week in Security: Retbleed, Post-Quantum, Python-atomicwrites, and the Mysterious Cuteboi

Posted on July 15, 2022 by Jonathan Bennett

Yet another entry in the “why we can’t have nice things” category, Retbleed was announced this week, as yet another speculative execution vulnerability. This one is mitigated in hardware for …read more Continue reading This Week in Security: Retbleed, Post-Quantum, Python-atomicwrites, and the Mysterious Cuteboi→

COOP and COEP: Is there an advantage to enabling COOP / COEP if I don’t need to use the sharedArrayBuffer or other features?

Posted on December 21, 2021 by gaurav5430

COOP: cross origin opener policy
COEP: Cross origin embedder policy
Most of the articles on the web, related to COOP / COEP, point to the fact that by enabling COOP / COEP , your web page can use the sharedArrayBuffer and some other precis… Continue reading COOP and COEP: Is there an advantage to enabling COOP / COEP if I don’t need to use the sharedArrayBuffer or other features?→

How to select a CPU to buy for the best security?

Posted on November 29, 2021 by Teekin

Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.
Right now, my problem is that I need a new computer but I want to make sure that I bu… Continue reading How to select a CPU to buy for the best security?→

Are CPU side-channel attacks still a concern on VPSs

Posted on October 14, 2021 by Letal1s

I’ve been looking into getting a VPS to run an OpenVPN server on and a few other things. I’ve been speaking to a hosting company and they have sent me this screenshot to show they are protected against all currently known exploits on their… Continue reading Are CPU side-channel attacks still a concern on VPSs→

Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

Posted on October 7, 2021 by ultraGentle

In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-… Continue reading Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?→

Is protecting against Meltdown and Spectre on virtual servers actually possible?

Posted on September 27, 2021 by Letal1s

I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D… Continue reading Is protecting against Meltdown and Spectre on virtual servers actually possible?→

Malware spammers aim to leverage Kaseya ransomware drama in email campaign

Posted on July 7, 2021 by Tim Starks

First came the ransomware rampage stemming from the breach of Miami-based software firm Kaseya. Now comes a wave of malicious emails seeking capitalize on the rush to find a fix. Security vendor MalwareBytes highlighted the malware spam campaign Tuesday, describing how unidentified attackers send “malspam” messages with both a URL and a file that purports to be a Microsoft update of the Kaseya VSA vulnerability. Clicking on the the link, or “SecurityUpdates.exe,” drops Cobalt Strike on a victim. Cybercriminals have increasingly leveraged that security testing tool for attacks, according to recent research. It’s another example of how cyberattacks can have long tails after their initial infections. The zero-day vulnerability that the ransomware gang REvil apparently used to infiltrate Kaseya systems turned into a way for intruders to access the systems of Kaseya’s managed service provider customers, who provide IT services to a wider range of potential victims. It has turned […]

The post Malware spammers aim to leverage Kaseya ransomware drama in email campaign appeared first on CyberScoop.

Continue reading Malware spammers aim to leverage Kaseya ransomware drama in email campaign→

Are there any class of systems where it is safe to disable spectre and meltdown patches

Posted on May 28, 2021 by computinglife

I was not able to find a definite answer to the question whether it is safe to disable spectre and meltdown vulnerabilities but i could articles that suggests the defaults might be revisited & windows seems to allow the disabling of th… Continue reading Are there any class of systems where it is safe to disable spectre and meltdown patches→