Collaborate Disseminate
Alibaba Cloud Security team discovers Apache spark rest API remote code execution exploit, Comcast security flaws exposed partial address, Hacker finds hidden ‘God Mode’ in old x86 CPUs, and more! Full Show Notes Follow us on Twitter: https… Continue reading Alibaba Cloud Security, Comcast, and Facebook – Application Security Weekly #28
Protection rings are different privilege levels granted to software, with the kernel being the most privileged, applications the least privileged, and drivers somewhere in between.
My question is why are they called rings? (… Continue reading Why are Protection Rings called rings?
In mixed-design radio chips the processor’s activity leaks into the analog portion of the chip – and is broadcast as output. Continue reading Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks
How I can fix CVE-2018-3640 [rogue system register read] aka ‘Variant 3a’ and CVE-2018-3639 [speculative store bypass] aka ‘Variant 4’? My status for them is VULNERABLE. I have Intel CPU and using kernel 4.17.
I read on a si… Continue reading How to fix Spectre variant 3a and variant 4?e
Researchers now say it’s possible to use the infamous Spectre vulnerability in a way that does not require direct access to a victim’s device. Researchers from the Graz University of Technology in Austria write in a paper published Thursday that they can exploit the Spectre flaw remotely without having to run code on the target machine. Such an attack, dubbed NetSpectre, would allow hackers to trick applications into leaking private information, albeit very slowly. “The attacker only sends a series of crafted requests to the victim and measures the response time to leak a secret value from the victim’s memory,” the researchers explain. Spectre is a CPU flaw affecting most modern computers that was revealed by researchers in January. It was originally thought that attackers trying to exploit it would need to somehow install malware on a victim’s device, either by tricking them into downloading malicious code or by running malicious JavaScript on a website the victim visited. […]
The post NetSpectre attack can exploit CPUs to leak information remotely, researchers say appeared first on Cyberscoop.
Continue reading NetSpectre attack can exploit CPUs to leak information remotely, researchers say
If an attacker has an unlimited physical access to CPU, but does not have access to memory, including RAM, can he attack and gain access to the user’s data?
I heard the opinion that this is impossible according to the laws o… Continue reading What can give physical access to CPU?
By ghostadmin
What we know so far about Spectre attacks is that it relies upon execution of malicious code. The code is executed on computers having speculative-execution design flaws in processor chip; once a device is compromised, it becomes possible… Continue reading Spectre attack variant can be remotely mounted to extract sensitive data
With Spectre and Meltdown, hackers can extract your password from the CPU cache. If I give someone my computer without the hard drive, can he extract my passwords through the CPU?
Continue reading Extracting passwords from recycled machine using Spectre and Meltdown
By Uzair Amir
The entire tech industry was shaken after the discovery of
This is a post from HackRead.com Read the original post: Spectre bug protection forcing Chrome to use 10 to 13% more RAM
Continue reading Spectre bug protection forcing Chrome to use 10 to 13% more RAM
(Keep in mind I’m not a computer expert so I’m trying my best here.)
Hello, recently I’ve had a problem with my computer causing my CPU Usage to go to 100%. This makes me unable to move/create/rename files in Windows Exp… Continue reading CPU Usage at 100% due to explorer.exe with malicious threads.