AMD’s trusted execution environment blown wide open by new BadRAM attack
https://arstechnica.com/information-technology/2024/12/new-badram-attack-neuters-security-assurances-in-amd-epyc-processors/

Attack bypasses AMD protection promising security, even when a server is compromised.

AMD's trusted execution environment blown wide open by new BadRAM attack
Article, Comments

Google is rolling out the Identity Check feature it announced last week.

When Identity Check is enabled, biometric authentication will be required for sensitive actions like:

- Accessing saved passkeys and app passwords
- Changing the PIN, pattern, or password, and turning off Find My Device

...whenever your phone is in an untrusted location. This makes it harder for someone to compromise your Google Account. Turning off the feature requires either your biometrics or your Google Account and can only be done when your phone has Internet access.

Identity Check works on Android 15 and later and is available through a beta version of Google Play Services.

Thanks to Matthew Rawling on my Telegram group for the screenshots!

Top Smartphones of 2024: The Ultimate Guide to This Year’s Best Picks
https://www.gizchina.com/2024/12/11/top-smartphones-of-2024-the-ultimate-guide-to-this-years-best-picks/

A Look Inside #FUTO #Keyboard's #Swipe Feature

https://peertube.futo.org/videos/watch/d4d3d059-a45b-419a-876d-f2b051540a45

🔥 Critical Security Alert! Ivanti uncovers a CVSS 10.0-rated vulnerability allowing unauthenticated attackers to gain admin access in their Cloud Services Application.

This flaw isn’t alone—Ivanti has patched multiple critical vulnerabilities in its Connect Secure and CSA products.

🔗 Don't wait—explore the critical details and ensure your systems are secure: https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138.

Ensure your systems are updated now.

🔗 Read more: https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html

Discover how Zero Trust, immutable backups, and encryption can secure Microsoft365—starting with Zero Trust, where every access request is verified.

Learn key strategies to protect your environment.

Read the full article now: https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html

🚨 A new surveillance tool, EagleMsgSpy, has been exposed as a powerful spyware linked to Chinese police departments, secretly collecting vast data from mobile devices since 2017.

🔗 Read full details here: https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html

🔒 ZLoader #malware is back—with a stealthy upgrade. The latest version employs DNS tunneling for encrypted communication, raising the stakes for detection efforts.

This isn’t just an update; ZLoader now includes an interactive shell capable of executing over a dozen commands, a game-changer for #ransomware attacks.

Dive into the details. https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

🚨 A security flaw, dubbed AuthQuake, in Microsoft’s Multi-Factor Authentication (MFA) allowed attackers to bypass protection within an hour – no alerts, no interaction required.

Get the full story here: https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html