Retbleed
By Artie Kaye

Retbleed is a recently discovered attack vector which targets the CPU.  While testing different potential attack methods, researchers in Zurich were able to replicate this data leak.  The data leak method, which affects processers from both AMD and Intel, was believed to have been addressed with previous firmware patches.  

Speculative execution attacks rely on the processor spitting back information while waiting to confirm the process it was sent is valid.  It speculates on the appropriate response and executes it before the verification comes through.  The attack mimics a command, to engage the speculation branching, which can allow for commands not valid for the memory, or data that’s actively in the chip to be accessed.

Intel and AMD are actively working on a solution to this problem.

Intel lists the flaws as CVE-2022-29901 and CVE-2022-28693.

AMD lists the flaws as CVE-2022-29900 and CVE-2022-23825.

https://thehackernews.com/2022/07/new-study-finds-most-enterprise-vendors.html

https://arstechnica.com/information-technology/2022/07/intel-and-amd-cpus-vulnerable-to-a-new-speculative-execution-attack/

https://www.securityweek.com/retbleed-new-speculative-execution-attack-targets-intel-amd-processors

Heat Wave Affects Google and Oracle Cloud Storage
By Artie Kaye

Due to record temperatures in England today (July 19,) breaking 104ºF, some data centers were unable to maintain proper cooling.  This led Google to temporarily take down servers for their cloud based services for parts of Europe.  By taking select non critical servers offline, they were able to prevent severe damage to their system.

Oracle’s South London cloud data center faced similar heat related issues.  With many of the services still offline as of the writing of this. 

Cooling infrastructure may not be the first thing someone things about when considering data storage, but it’s critical as high temperatures can cause damage to drives and components. 

Storing your data on a cloud won’t mean that it is always available.  Take this event as a reminder to backup your important data.  Make backups of your files regularly to avoid loss of data.  Storing them on the cloud is only one method of backup, but if the storage goes offline, you won’t be able to access it, so it is recommended to have offline backups.

https://www.bleepingcomputer.com/news/security/uk-heat-wave-causes-google-and-oracle-cloud-outages/

https://siliconangle.com/2022/07/19/google-oracle-suffer-outages-uk-amid-record-breaking-heatwave/

https://ocistatus.oraclecloud.com/#/incidents/ocid1.oraclecloudincident.oc1.phx.amaaaaaavwew44aa7zoskanlspjh4ll6wxhwxrbkbed4d4cnupxexzqzvlyq