#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Intel CPU | Breaking Cybersecurity News | The Hacker News

Category — Intel CPU
Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

Oct 20, 2021
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability ( CVE-2021-0186 , CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called " SmashEx " that can corrupt private data housed in the enclave and break its integrity. Introduced with Intel's Skylake processors, SGX (short for Software Guard eXtensions) allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment (TEE), which is designed to be protected from processes running at higher privilege levels like the operating system. SGX ensures that data is secure ...
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

Mar 08, 2021
A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the  findings  are expected to be presented at the USENIX Security Symposium coming this August. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs (e.g., Meltdown and Spectre), the new attack leverages a contention on the ring interconnect. SoC  Ring interconnect  is an on-die bus arranged in a ring topology which enables intra-process communication between different components (aka agents) such as the cores, the last level cache (LLC), the graphics unit, and the...
How AI Is Transforming IAM and Identity Security

How AI Is Transforming IAM and Identity Security

Nov 15, 2024Machine Learning / Identity Security
In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human identities — now, autonomous systems, APIs, and connected devices also fall within the realm of AI-driven IAM, creating a dynamic security ecosystem that adapts and evolves in response to sophisticated cyber threats. The Role of AI and Machine Learning in IAM AI and machine learning (ML) are creating a more robust, proactive IAM system that continuously learns from the environment to enhance security. Let's explore how AI impacts key IAM components: Intelligent Monitoring and Anomaly Detection AI enables continuous monitoring of both human and non-human identities , including APIs, service acc...
This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years

This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years

Mar 06, 2020
All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability, tracked as CVE-2019-0090 , resides in the hard-coded firmware running on the ROM ("read-only memory") of the Intel's Converged Security and Management Engine (CSME), which can't be patched without replacing the silicon. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Jan 28, 2020
Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave . Dubbed CacheOut a.k.a. L1 Data Eviction Sampling ( L1DES ) and assigned CVE-2020-0549 , the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available. According to a team of academic researchers, the newly-discovered speculative execution attacks can leak information across multiple security boundaries, including those between hyper-threads, virtual machines, and processes, and between user space and the operating system kernel, and from SGX enclaves. ...
New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

Dec 11, 2019
A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits. Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells. However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory. Plundervo...
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

Nov 13, 2019
A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised. TMP technology is being used widely by billion of desktops, laptops, servers, smartphones, and even by Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates. Collectively dubbed as TPM-Fail , both newly found vulnerabilities, as listed below, leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips. CVE-2019-11090 : Intel fTPM vulnerabilities CVE-2019-16863 : STMicroelectronics...
Expert Insights / Articles Videos
Cybersecurity Resources