Researchers claim AMD chips have critical flaws and backdoors, but questions remain

Security Digest Information security news and advice from TechTarget's network| March 14, 2018 FEATURED STORY Researchers claim AMD flaws threaten Ryzen, EPYC chips by Michael Heller, Senior Reporter Ryzen and EPYC AMD flaws partially detailed with just 24 hours disclosure notice, despite potentially significant exploits including secure processor takeover or security bypass. (SearchSecurity.com) Advertisement NEWS   Olympic Destroyer was a false flag cyberattack, research claims New research claims Olympic Destroyer was not the work of the North Korea-backed Lazarus Group; rather, it was a false flag cyberattack designed to mislead attribution efforts. (SearchSecurity.com)   DHS cybersecurity audit scores below target security levels A DHS cybersecurity audit for FISMA compliance by the Office of Inspector General rated the agency below target levels in three of five areas of information security. (SearchSecurity.com)   Risk & Repeat: Trustico certificate drama a cause for concern In this week's Risk & Repeat podcast, SearchSecurity editors discuss how a controversial move by reseller Trustico led to 23,000 Symantec SSL certificates being revoked. (SearchSecurity.com)   Binance bounty offered for info on attempted attack A failed attack led to a Binance bounty offer of $250,000 for information that leads to the arrest of the threat actors responsible for the attempted cryptocurrency theft. (SearchSecurity.com)   OURSA takes on RSA Conference to highlight diversity News roundup: Our Security Advocates emerges amid criticism of RSA Conference's lack of female keynote speakers. Plus, a kill switch is discovered for the Memcrashed DDoS exploit, and more. (SearchSecurity.com)   NSA tracking program watched foreign hackers in action Researchers discovered evidence of an NSA tracking program designed to watch nation-state hackers and gather information as attacks were in progress. (SearchSecurity.com) EXPERT ADVICE   What the Azure AD Connect vulnerability can teach enterprises Enterprises should learn from a Microsoft Azure AD Connect vulnerability that cloud security requires a hands-on approach. Expert Rob Shapland takes a closer look at the flaw. (SearchCloudSecurity.com)   Entropy sources: How do NIST rules impact risk assessments? NIST recently released new guidance on entropy sources used for random bit generation. Judith Myerson explains these recommendations and how they alter cryptography principles. (SearchSecurity.com)   Software security training: Perspectives on best practices Software development training with an emphasis on secure coding can improve enterprise security postures. Steve Lipner of SafeCode discusses different ways to get the job done. (SearchSecurity.com)   ExpensiveWall malware: How does this SMS attack function? A new SMS malware known as ExpensiveWall was recently discovered by Check Point. Learn how it infects devices and puts Android device users at risk with expert Nick Lewis. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.