#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Foreshadow Attack | Breaking Cybersecurity News | The Hacker News

Category — Foreshadow Attack
Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

Aug 07, 2020
It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow , was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD — previou
Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

Aug 15, 2018
2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow , alternatively called L1 Terminal Fault or L1TF, the new attacks include three new speculative execution side-channel vulnerabilities affecting Intel processors. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords. The three Foreshadow vulnerabilities have been categorized into two variants: 1.) Foreshadow Foreshadow ( PDF ) targets a new technology originally been designed to protect select code and users' data from disclosure or modification, even if the entire system falls under a
NIST Cybersecurity Framework (CSF) and CTEM – Better Together

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

Sep 05, 2024Threat Detection / Vulnerability Management
It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for Critical infrastructure, 2018's version 1.1 was designed for any organization looking to address cybersecurity risk management.  CSF is a valuable tool for organizations looking to evaluate and enhance their security posture. The framework helps security stakeholders understand and assess their current security measures, organize and prioritize actions to manage risks, and improve communication within and outside organizations using a common language. It's a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protec
Expert Insights / Articles Videos
Cybersecurity Resources