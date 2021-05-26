newsbreak-logo
Cancel
CreatorsPublishersAdvertisers
View more in
Software

Google Discovers New Rowhammer Attack Technique

By Dark Reading Staff Dark Reading
Dark Reading
 3 days ago

Google researchers have published their findings on a new Rowhammer technique that expands attackers' reach on a target machine as DRAM chips become smaller. Rowhammer, first reported in 2014, is a vulnerability through which repeated access to one address can allow an attacker to compromise data stored at other addresses. When one DRAM row is accessed repeatedly (the "aggressor"), "bit flips" were found in the adjacent two rows (the "victims"). As "hammered" cells changed value, it caused data to change in adjacent rows.

www.darkreading.com
IN THIS ARTICLE
#Attackers#Security Software#Malware#Attack Software#The New Attack#Javascript#Technique#Google Researchers#Complicated Malware Code#Denial Of Service Attacks#Cells#Accesses#Memory#Cell Geometries#Research#Dram Chips#Distance#Changed
YOU MAY ALSO LIKE
News Break
Data Security
News Break
Technology
News Break
Computers
News Break
Google
News Break
Software
Related
TechnologyItproportal

Focusing on the whole malware picture

While there’s an old English adage that says a “picture may be worth a thousand words,” malicious actors believe the value of these images is much higher and they’re doing something about it. Hiding malware in images is not a new technique for attackers, but recent implementations have added new...
Public SafetyDark Reading

How Attackers Weigh the Pros and Cons of BEC Techniques

RSA CONFERENCE 2021 – Business email compromise (BEC) and phishing attacks make up a big chunk of security issues plaguing today's organizations, and they continue to prove a threat as attackers find new ways to blend into victims' inboxes and manipulate them into sending funds. In its "2020 Internet Crime...
InternetZDNet

These four Android flaws are now under attack warns Google

Three weeks after Google released the May 2021 Android security update, the Google Project Zero team has revealed that four of the vulnerabilities patched were already under attack. "There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," Google said in a note on its...
TechnologyCNET

Eufy blames software 'bug' for breach that exposed users' video footage to strangers

An apparent software glitch was responsible for exposing some Eufy security camera customers' private information and video streams to other users early Monday. The security breach was first made public when customers began reporting the unusual phenomenon on Reddit. There, customers posted that the Eufy app was granting them access to other users' account information, including both live and recorded video streams as well as letting them control other users' physical cameras with actions like pan and zoom.
Softwarewinbuzzer.com

Microsoft Exchange Server Attacks: Hackers Were Hunting for Exploits Within 5 Minutes

Microsoft Exchange Server vulnerabilities resulted in tens of thousands of organizations becoming compromised by attacks this year. WinBuzzer this week reported how Microsoft bugs are hot property on underground hacking forums. To emphasize the point, threat actors began scouring the web for vulnerable Exchange Servers within minutes of Microsoft confirming there were active exploits in the wild.
Internethackernoon.com

How To Get On The Google Discover Feed

What do you need to do to get in front of more people who might be interested in your website? We would like to introduce you to a feed and algorithm that will be of great interest to you: Google Discover. Have you ever noticed the contents listed just below...
Cell Phoneslifewire.com

Report Finds Hackers Could Record Your Phone Calls

A newly revealed vulnerability in some Qualcomm modem chips could give hackers access to your call and text history, as well as the ability to record conversations. Check Point Research announced that it had found a security hole in Qualcomm's MSM modem chip software that some malicious apps could exploit. Researchers said the vulnerability is present in about 40% of smartphones running Android, including those from Samsung, Google, and LG.
InternetSpiked

Google: the new language police

Spell-checking software has spared many blushes by pointing out typos and poor grammar. Soon it will be used to spot politically incorrect language. As part of a new update, Google Docs will prompt users to make their writing more ‘inclusive’. The software will suggest they change terms like ‘mailman’ and ‘chairman’ to gender-neutral ones like ‘mail carrier’ and ‘chairperson’.
Softwarephoronix.com

Half-Double: A New DRAM Rowhammer Vulnerability

The Rowhammer security exploit affecting DRAM memory modules has a new chapter with Google now detailing "half-double" as a new technique for exploit of system memory. Google security researchers discovered Half-Double as a new technique that "capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory."
SoftwareZDNet

Google beefs up Workspace security with these new features

Google is rolling out new advanced security defender features for Google Workspace to help admins combat cybersecurity threats. Google is tapping parent company Alphabet's VirusTotal, a malware research website Google bought in 2012, for a new capability within Google Workspace's Alert Center. The Alert Center will now feature real-time alerts...
SoftwareVentureBeat

Google details new AI accelerator chips

At Google I/O 2021, Google today formally announced its fourth-generation tensor processing units (TPUs), which the company claims can complete AI and machine learning training workloads in close-to-record wall clock time. Google says that clusters of TPUv4s can surpass the capabilities of previous-generation TPUs on workloads including object detection, image classification, natural language processing, machine translation, and recommendation benchmarks.
SoftwareThe Hacker News

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately...
InternetPosted by
BGR.com

New data shows how big the WhatsApp privacy nightmare is for Facebook

Facebook will roll out its controversial WhatsApp privacy policy update on Saturday. WhatsApp users will have to agree to the new policy to continue using the chat app in full. Facebook will not delete the app if you do not agree to the new terms of service, but it will gradually phase out features to the point that WhatsApp texting and calling might be impossible. Inactivity resulting from the inability to use the app might lead to account termination.
Sciencebiometricupdate.com

New fingerprint biometrics techniques unveiled by researchers

A new subsurface fingerprint biometric system unveiled by BitFlow can reportedly identify individuals from skin layers around 200−400 µm beneath the finger surface, Automation reports. Dubbed Frame Grabber, the new system is designed to identify suspects who have burned or otherwise rendered their fingerprints unrecognizable by traditional biometric recognition systems.
Public Safetysecurityboulevard.com

Ransomware Detection and Mitigation Strategies in OT/ICS Environments

On 9 May 21, the Federal Bureau of Investigation (FBI) issued a statement regarding a network disruption at Colonial Pipeline, one of the largest fuel pipelines servicing the eastern United States. Following immediate operational shutdowns and further initial investigation, the FBI confirmed that the DarkSide ransomware was responsible for the...
Softwareacm.org

Malware Caught Using macOS Zero-Day to Secretly Take Screenshots

Researchers from software company Jamf have reported that the XCSSET malware has been exploiting a newly discovered zero-day vulnerability that allows it to bypass macOS security defenses and take screenshots without the user's permission. Previously discovered zero-days are used by the malware to steal cookies from the Safari browser to...
Softwareacm.org

As Chips Shrink, Rowhammer Attacks Get Harder to Stop

In 2015, Researchers at Google made a troubling discovery: The data theft technique known as "Rowhammer," previously thought of as a theoretical concern, could be exploited in real-world conditions. Now a different group of Google computer scientists have shown that the problem has only gotten worse, thanks in part to improvements in how chips are designed.
Computersmarketresearchtelecast.com

Tiny chip structures aggravate hardware attack Rowhammer

The Rowhammer attack is more far-reaching than previously assumed – in the truest sense of the word. Google researchers have found that penetrating access to an address in the main memory (RAM) not only influences neighboring bits, but also the bits after that. This is made possible by the physically even smaller structures in RAM chips.
Public Safetyhelpnetsecurity.com

The state of enterprise preparedness for ransomware attacks

In the aftermath of the Colonial Pipeline attack, ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the second half of 2021. The Colonial Pipeline incident caused massive disruptions to gasoline distribution in parts...