New Rowhammer Attack Targets GPUs; Figma and Meta Face Security and Privacy Scrutiny

A new variant of the Rowhammer attack has been discovered, targeting the DRAM memory of GPUs. This attack exploits vulnerabilities in GPU memory to induce bit flips, potentially allowing arbitrary code execution. Rowhammer attacks have traditionally targeted CPU memory, but this expansion to GPUs highlights the growing importance of securing all types of memory in modern computing systems. Cybersecurity professionals should be aware of this development and monitor for updates on affected GPU models and potential mitigations.

In other news, Figma has deployed a security update named "Santa" to protect against supply chain attacks. This update focuses on verifying the integrity of software components, a critical step in preventing attacks that compromise dependencies. Supply chain attacks have been a significant concern in recent years, and Figma's proactive approach sets a positive example for other software vendors.

Meanwhile, Meta has come under criticism for using localhost tracking techniques to bypass browser privacy protections. By exploiting the trusted status of localhost, Meta can track user activity even in private browsing modes, undermining user expectations of privacy. This practice raises serious privacy concerns and may prompt regulatory scrutiny and calls for stronger privacy protections in browsers.

These developments underscore the ongoing challenges in hardware security, supply chain integrity, and privacy protection. Cybersecurity professionals should prioritize monitoring for GPU vulnerabilities, implementing supply chain security measures, and staying informed about emerging privacy threats.