AMD chipset | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called  Collide+Power  ( CVE-2023-20583 ),  Downfall  ( CVE-2022-40982 ), and  Inception  ( CVE-2023-20569 ), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as  Zenbleed  (CVE-2023-20593). "Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers,"  Daniel Moghimi , senior research scientist at Google,  said . "This vulnerability [...] enables a user to access and steal data from other users who share the same computer." In a hypothetical attack scenario, a malicious app installed on a device could weaponize the method to steal sensitive information like passwords and encryption keys, effectively undermining Intel's Software G...

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed  Retbleed  by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue is tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers  releasing   software   mitigations  as part of a coordinated disclosure process. Retbleed is also the latest addition to a class of  Spectre attacks  known as Spectre-BTI (CVE-2017-5715 or Spectre-V2), which exploit the side effects of an optimization technique called  speculative execution  by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next i...

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools, but an integral and significant part of your organization's workforce. Consider this reality: Today's AI agents can analyze customer data, generate reports, manage system resources, and even deploy code, all without a human clicking a single button. This shift represents both tremendous opportunity and unprecedented risk. AI Agents are only as secure as their NHIs Here's what security leaders are not necessarily considering: AI agents don't operate in isolation . To function, they need access to data, systems, and resources. This highly privileged, often overlooked acces...

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as " Take A Way ," the new potential attack vectors leverage the L1 data (L1D) cache way predictor in AMD's Bulldozer microarchitecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption. The research was published by a group of academics from the Graz University of Technology and Research Institute of Computer Science and Random Systems (IRISA), who responsibly disclosed the vulnerabilities to AMD back in August 2019. "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," AMD said in an advisory posted on its website over the weekend...

AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs researchers, critical vulnerabilities ( RyzenFall, MasterKey, Fallout, and Chimera ) that affect AMD's Platform Security Processor (PSP) could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. Although exploiting AMD vulnerabilities require admin access, it could help attackers defeat important security features like Windows Credential Guard, TPMs, and virtualization that are responsible for preventing access to the sensitive data from even an admin or root account. In a press release published by AMD on Tuesday, the company downplays the threat by saying that, "any attacker gaining unauthorised ad...

Security researchers claimed to have discovered 13 critical Spectre/Meltdown -like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. All these vulnerabilities reside in the secure part of the AMD's Zen architecture processors and chipsets—typically where device stores sensitive information such as passwords and encryption keys and makes sure nothing malicious is running when you start your PC. The alleged vulnerabilities are categorized into four classes—RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY—and threaten wide-range of servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors. Discovered by a team of researchers at Israel-based CTS-Labs, newly disclosed  unpatched vulnerabilities defeat AMD's Secure Encrypted Virtualization (SEV) technology and could ...