#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Trusted Platform Module | Breaking Cybersecurity News | The Hacker News

Category — Trusted Platform Module
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

Mar 03, 2023 Enterprise Security / IoT
A pair of serious security defects has been disclosed in the Trusted Platform Module ( TPM ) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities,  CVE-2023-1017 , concerns an out-of-bounds write, while the other,  CVE-2023-1018 , is described as an out-of-bounds read. Credited with discovering and reporting the issues in November 2022 is cybersecurity company Quarkslab. "These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group (TCG)  said  in an advisory. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab  noted , adding they "could affect billions of devices." TPM is a hardware-based solution (i.e., a crypto-pro
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

Nov 13, 2019
A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised. TMP technology is being used widely by billion of desktops, laptops, servers, smartphones, and even by Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates. Collectively dubbed as TPM-Fail , both newly found vulnerabilities, as listed below, leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips. CVE-2019-11090 : Intel fTPM vulnerabilities CVE-2019-16863 : STMicroelectronics
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Nov 01, 2024SaaS Security / Insider Threat
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major vulnerabilities. So, how can CISOs reduce the noise? What misconfiguration should security teams focus on first? Here are five major SaaS configuration mistakes that can lead to security breaches. #1 Misconfiguration: HelpDesk Admins Have Excessive Privileges Risk: Help desk teams have access to sensitive account management functions making them prime targets for attackers. Attackers can exploit this by convincing help desk personnel to reset MFA for privileged users, gaining unauthorized access to critical systems. Impact: Compromised help desk accounts can lead to unauthorized changes to admin-
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources