fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows Devices with Newest CPUs are Susceptible to Data Damage

Windows Devices with Newest CPUs are Susceptible to Data Damage

Microsoft has warned today that Windows devices with the newest supported processors are susceptible to “data damage” on Windows 11 and Windows Server 2022.

“Windows devices that support the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set might be susceptible to data damage,” the company revealed today.

Devices affected by this newly acknowledged known issue use AES-XTS (AES XEX-based tweaked-codebook mode with ciphertext stealing) or AES-GCM (AES with Galois/Counter Mode) block cipher modes on new hardware.

Also Read: Advisory Guidelines on Key Concepts in the PDPA: 23 Chapters

While Microsoft mentions the data loss risks on affected systems, the company does not elaborate on what customers should expect if they’re hit by this issue.

Issue fixed in May and June Windows updates

Microsoft says the issue was addressed to prevent further data damage in preview and security releases issued on May 24 and June 14, respectively.

However, these Windows updates also come with a performance hit since AES-based operations might be two times (2x) slower after installing them on affected systems running Windows Server 2022 and Windows 11 (original release).

Scenarios impacted by the performance hit might include BitLocker, Transport Layer Security (TLS) (specifically load balancers), and disk throughput (especially for enterprise customers).

“We added new code paths to the Windows 11 (original release) and Windows Server 2022 versions of SymCrypt to take advantage of VAES (vectorized AES) instructions,” Microsoft said when describing the cause of the issue.

“SymCrypt is the core cryptographic library in Windows. These instructions act on Advanced Vector Extensions (AVX) registers for hardware with the newest supported processors.”

Also Read: Contract for Service Template: 5 Important Sections

Workaround for the performance hit

Customers experiencing performance degradation are advised to install June 23 preview update (Windows 11Windows Server 2022) or the July 12 security update (Windows 11Windows Server 2022) for their OS version as a workaround.

Microsoft says these Windows updates will restore initial performance metrics once installed on affected devices.

“If this affects you, we strongly urge you to install the May 24, 2022 preview release or the June 14, 2022 security release, as soon as possible, to prevent further damage,” Microsoft added.

“Performance will be restored after you install the June 23, 2022 preview release or the July 12, 2022 security release.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us