https://community.isc2.org/t5/Industry-News/Heads-up-New-speculative-execution-bugs-in-the-pipeline/m-p/5378#M579 <P>The colleague who pointed me to this is thinking it may be a hoax. I certainly hope so, but it is better to wait and see at this point, given the recent issues. Hope for the best, plan for the worst and all of that.</P> Thu, 18 Jan 2018 17:35:43 GMT Badfilemagic 2018-01-18T17:35:43Z https://community.isc2.org/t5/Industry-News/Heads-up-New-speculative-execution-bugs-in-the-pipeline/m-p/5377#M578 <P>Details are almost non-existant as the bugs are currently embargoed. However, it appears that there are a pair of additional attacks taking advantage of speculative execution issues in CPUs.</P><P>&nbsp;</P><P>They are branded as Skyfall and Solace, which will, of course, making playing "Bond Movie or Branded CVE" more difficult. The page to watch is here:&nbsp;<A href="https://skyfallattack.com" target="_blank">https://skyfallattack.com</A>, so we'll see how this unfolds.</P><P>&nbsp;</P><P>If, like the last two, these are really just read-only attacks then at least that is something. However, depending on difficulty and reliability of the exploit, I expect that cloud providers will once again provide the juiciest attack surface.</P> Thu, 18 Jan 2018 16:38:42 GMT https://community.isc2.org/t5/Industry-News/Heads-up-New-speculative-execution-bugs-in-the-pipeline/m-p/5377#M578 Badfilemagic 2018-01-18T16:38:42Z https://community.isc2.org/t5/Industry-News/Heads-up-New-speculative-execution-bugs-in-the-pipeline/m-p/5378#M579 <P>The colleague who pointed me to this is thinking it may be a hoax. I certainly hope so, but it is better to wait and see at this point, given the recent issues. Hope for the best, plan for the worst and all of that.</P> Thu, 18 Jan 2018 17:35:43 GMT https://community.isc2.org/t5/Industry-News/Heads-up-New-speculative-execution-bugs-in-the-pipeline/m-p/5378#M579 Badfilemagic 2018-01-18T17:35:43Z