The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: side channel vulnerability

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs

November 13, 2019Mohit Kumar
Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown , Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards. The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud with common hardware. ZombieLoad v2 Affects Latest Intel CPUs Now, the same group of researchers has disclosed details of a second variant of the vulnerability, dubbed ZombieLoad v2 and tracked as CVE-2019-11135 , that r
NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

September 11, 2019Swati Khandelwal
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT , short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone's SSH password, from Intel's CPU cache. Discovered by a team of security researchers from the Vrije University in Amsterdam, the vulnerability, tracked as CVE-2019-11184, resides in a performance optimization feature called Intel's DDIO—short for Data-Direct I/O—which by design grants network devices and other peripherals access to the CPU cache. The DDIO comes enabled by default on all Intel server-grade processors since 2012, including Intel Xeon E5, E7 and SP families. According to the researchers [ paper ], NetCAT attack works simila
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.