Monday , June 30 2025
ryzen

DATA CENTER ALERT: AMD Patches Security Flaws in EPYC Processors

AMD has released a security bulletin about three possible vulnerabilities in its Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology.

A researcher found vulnerabilities that could let a malicious hypervisor controlled by the host system access or modify the memory of a guest VM. This poses big risks to data security. The vulnerabilities are known as CVE-2024-21978, CVE-2024-21980, and CVE-2023-31355, with two rated as medium severity and one as high.

First couple “Rosie” to conceive using AI tech “STAR” successfully

Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...
Read More
First couple “Rosie” to conceive using AI tech “STAR” successfully

Scattered Spider Actively Attacking Aviation and Transportation: FBI

Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...
Read More
Scattered Spider Actively Attacking Aviation and Transportation: FBI

Russia’s restrictions on Cloudflare making websites inaccessible

Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...
Read More
Russia’s restrictions on Cloudflare making websites inaccessible

61 million Verizon records allegedly posted online for sale

A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...
Read More
61 million Verizon records allegedly posted online for sale

Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly sending hoax bomb threats. She...
Read More
Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector...
Read More
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

CISA Warns of FortiOS Hard-Coded Credentials Vulns

CISA warns about a serious vulnerability in Fortinet FortiOS that threatens network security. CISA included CVE-2019-6693 in its Known Exploited...
Read More
CISA Warns of FortiOS Hard-Coded Credentials Vulns

5 vendors’ printer totaling 748 models affected: Rapid7

Rapid7 has revealed serious vulnerabilities in multifunction printers (MFPs) from Brother, FUJIFILM, Ricoh, and Toshiba Tec Corporation. These findings, covering...
Read More
5 vendors’ printer totaling 748 models affected: Rapid7

Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543

Citrix has issued security updates for a critical vulnerability in NetScaler ADC that has been actively exploited. The vulnerability CVE-2025-6543...
Read More
Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543

SonicWall warns of a trojanized NetExtender stealing VPN logins

SonicWall warned on Monday that unknown attackers have trojanized its SSL-VPN NetExtender application, tricking users into downloading it from fake...
Read More
SonicWall warns of a trojanized NetExtender stealing VPN logins

SEV-SNP is a security feature for virtual machines that encrypts their memory to protect them from malicious attacks. However, vulnerabilities have been found in this feature due to issues with input validation and write operation restrictions in the firmware. These vulnerabilities could potentially allow a malicious hypervisor to access or corrupt a guest VM’s memory.

SEV-SNP firmware has a flaw that could let a malicious hypervisor overwrite a guest’s UMC seed, potentially allowing access to memory from a decommissioned guest.

These vulnerabilities are very important because they allow attackers to steal sensitive data, control VM operations, or even cause a denial of service. The affected products are AMD’s 3rd Gen EPYC Processors (Milan) and 4th Gen EPYC Processors (Genoa), which are commonly used in data centers and embedded systems.

To reduce the risks, AMD suggests that users update their systems with the latest Platform Initialization (PI) firmware versions mentioned in the advisory. In certain cases, there may be other options available for reducing the risks, like microcode or other patches.

For more information about firmware updates and how to protect your computer, please check the official AMD security bulletin and follow the guidelines.

Check Also

FortiOS

CISA Warns of FortiOS Hard-Coded Credentials Vulns

CISA warns about a serious vulnerability in Fortinet FortiOS that threatens network security. CISA included …

Leave a Reply

Your email address will not be published. Required fields are marked *