intel processor | Breaking Cybersecurity News | The Hacker News

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed  Retbleed  by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue is tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers  releasing   software   mitigations  as part of a coordinated disclosure process. Retbleed is also the latest addition to a class of  Spectre attacks  known as Spectre-BTI (CVE-2017-5715 or Spectre-V2), which exploit the side effects of an optimization technique called  speculative execution  by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next i...

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow , was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD — previou...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE). Called SGAxe , the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU's L1 Cache. "By using the extended attack against the Intel-provided and signed architectural SGX enclaves, we retrieve the secret attestation key used for cryptographically proving the genuinity of enclaves over the network, allowing us to pass fake enclaves as genuine," a group of academics from the University of Michigan said. The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core, and determine the enclave...

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper " DABANGG: Time for Fearless Flush based Cache Attacks " published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian Institute of Technology (IIT) Kanpur earlier this week. Dubbed " Dabangg " (meaning fearless), the approach builds upon the Flush+Reload and Flush+Flush attacks, which have been exploited previously by other researchers to leak data from Intel CPUs. However, the new variant aims to improve the accuracy of these attacks even in a noisy multi-core system. It also works seamlessly against non-Linux Operating Systems, like macOS. "Like any other cache attacks, flush based cache attacks rely on the calibration of cache latency," Biswabandan Panda, assistant profes...

It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551 , dubbed " Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system. According to experts at Bitdefender and academic researchers from a couple of universities, the new attack is particularly devastating in multi-tenant environments such as enterprise workstations or cloud servers in the datacenter. And...

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability, tracked as CVE-2019-0090 , resides in the hard-coded firmware running on the ROM ("read-only memory") of the Intel's Converged Security and Management Engine (CSME), which can't be patched without replacing the silicon. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features...

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave . Dubbed CacheOut a.k.a. L1 Data Eviction Sampling ( L1DES ) and assigned CVE-2020-0549 , the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available. According to a team of academic researchers, the newly-discovered speculative execution attacks can leak information across multiple security boundaries, including those between hyper-threads, virtual machines, and processes, and between user space and the operating system kernel, and from SGX enclaves. ...

A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits. Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells. However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory. Plundervo...

Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown , Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards. The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud with common hardware. ZombieLoad v2 Affects Latest Intel CPUs Now, the same group of researchers has disclosed details of a second variant of the vulnerability, dubbed ZombieLoad v2 and tracked as CVE-2019-11135 , that r...

A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised. TMP technology is being used widely by billion of desktops, laptops, servers, smartphones, and even by Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates. Collectively dubbed as TPM-Fail , both newly found vulnerabilities, as listed below, leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips. CVE-2019-11090 : Intel fTPM vulnerabilities CVE-2019-16863 : STMicroelectronics...

A new variant of the Spectre (Variant 1)  side-channel vulnerability has been discovered that affects all  modern Intel CPUs , and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens, and encryption keys, that would otherwise be inaccessible. Speculative execution is a core component of modern microprocessor design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. Such speculative executions also have side effects that are not restored when the CPU state is unwound, leading to information disclosure, which can then be accessed using side-channel attacks . ...

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again. Now, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. The newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. ...

Cybersecurity researchers have discovered a way to hide malicious code in Intel SGX enclaves, a hardware-based memory encryption feature in modern processors that isolates sensitive code and data to protect it from disclosure or modification. In other words, the technique allows attackers to implant malware code in a secure memory that uses protection features of SGX which are otherwise designed to protect important data from prying eyes or from being tampered, even on a compromised system. Introduced with Intel's Skylake processors, SGX (Software Guard Extensions) allows developers to run selected application modules in a completely isolated secure region of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels like the operating system, kernel, BIOS, SMM, hypervisor, etc. However, a team of researchers, some of whom were behind the discovery of the Spectre-Meltdown CPU flaws , managed to bypass this protection and g...

Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG , SpectreRSB, Spectre 1.1, Spectre1.2, TLBleed , Lazy FP , NetSpectre and Foreshadow , patches for which were released by affected vendors time-to-time. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. Now, the same team of cybersecurity researchers who discovered original Meltdown and Spectre vulnerabilities have uncovered 7 new transient execution attacks affecting 3 major processor vendors—Intel, AMD, ARM. W...

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre , TLBleed , and Foreshadow . Discovered by a team of security researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel's Hyper-Threading technology, the company's implementation of Simultaneous MultiThreading (SMT). Simultaneous MultiThreading is a performance feature that works by splitting up each physical core of a processor into virtual cores, known as threads, allowing each core to...