cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Badfilemagic
Contributor II

Heads up: New speculative execution bugs in the pipeline

Details are almost non-existant as the bugs are currently embargoed. However, it appears that there are a pair of additional attacks taking advantage of speculative execution issues in CPUs.

 

They are branded as Skyfall and Solace, which will, of course, making playing "Bond Movie or Branded CVE" more difficult. The page to watch is here: https://skyfallattack.com, so we'll see how this unfolds.

 

If, like the last two, these are really just read-only attacks then at least that is something. However, depending on difficulty and reliability of the exploit, I expect that cloud providers will once again provide the juiciest attack surface.

-- wdf//CISSP, CSSLP
1 Reply
Badfilemagic
Contributor II

The colleague who pointed me to this is thinking it may be a hoax. I certainly hope so, but it is better to wait and see at this point, given the recent issues. Hope for the best, plan for the worst and all of that.

-- wdf//CISSP, CSSLP