#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

speculative side-channel attack | Breaking Cybersecurity News | The Hacker News

Category — speculative side-channel attack
New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

Nov 04, 2018
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre , TLBleed , and Foreshadow . Discovered by a team of security researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel's Hyper-Threading technology, the company's implementation of Simultaneous MultiThreading (SMT). Simultaneous MultiThreading is a performance feature that works by splitting up each physical core of a processor into virtual cores, known as threads, allowing each core to
Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

Aug 15, 2018
2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow , alternatively called L1 Terminal Fault or L1TF, the new attacks include three new speculative execution side-channel vulnerabilities affecting Intel processors. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords. The three Foreshadow vulnerabilities have been categorized into two variants: 1.) Foreshadow Foreshadow ( PDF ) targets a new technology originally been designed to protect select code and users' data from disclosure or modification, even if the entire system falls under a
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users

Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users

Jul 12, 2018
Google has by default enabled a security feature called "Site Isolation" in its web browser with the release of Chrome 67 for all desktop users to help them protect against many online threats, including Spectre and Meltdown attack . Site Isolation is a feature of the Google Chrome web browser that adds an additional security boundary between websites by ensuring that different sites are always put into separate processes, isolated from each other. Since each site in the browser gets its own sandboxed process, the feature makes it harder for untrusted websites to access or steal information of your accounts on other websites. In January this year when Google Project Zero researchers disclosed details of Spectre and Meltdown CPU vulnerabilities, the tech giant recommended Chrome desktop users to manually turn on Site Isolation feature on their devices to mitigate speculative side-channel attacks. "Even if a Spectre attack were to occur in a malicious web page,
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Expert Insights / Articles Videos
Cybersecurity Resources