Cisco servers compromised using SaltStack flaws – Networking – Security- Tempemail – Blog – Emails

Cisco has revealed that six servers it operates in conjunction with earlier versions of its virtual internet routing lab personal edition (VIRL-PE) product were compromised following the disclosure of critical vulnerabilities in SaltStack. Finnish security vendor F-Secure said earlier this month that critical vulnerabilities in SaltStack digital infrastructure automation systems were being exploited. The flaws […]

Unfixable Thunderbolt flaws bypass computer access security – Hardware – Security- Tempemail – Blog – Emails

A Dutch masters student has found vulnerabilities in the Thunderbolt input/output port hardware design that lets attackers fully bypass computer access security measures such as Secure Boot, login passwords and full-disk encryption. Physical access to computers are required however, to perform the attack that MSc student Björn Ruytenberg named Thunderspy. The attack [pdf] takes about […]

7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years – Tempemail – Blog – Emails

A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Collectively dubbed ‘ThunderSpy,’ the vulnerabilities can be exploited in 9 realistic evil-maid attack scenarios, primarily to steal data or read/write all of the system […]