[HackerNews] New SpookJs Attack Bypasses Google Chrome’s Site Isolation Protection

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack.
Dubbed “Spook.js” by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv

Source: Read More (The Hacker News)

You might be interested in …

[ThreatPost] Conti Ransomware Expands Ability to Blow Up Backups

All posts, ThreatPost

The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. Source: Read More (Threatpost)

Read More

[HackerNews] GitHub Revoked Insecure SSH Keys Generated by a Popular git Client

All posts, HackerNews

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it’s building safeguards to prevent vulnerable versions of GitKraken from adding newly […]

Read More

[ThreatPost] Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

All posts, ThreatPost

Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked. Source: Read More (Threatpost)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.