After Meltdown and Spectre, meet a new set of Intel chip flaws

Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were onto something. On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre. The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. The colorfully named ZombieLoad attack, for example, unearths private browsing history and leaks information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack leaks information from different security buffers inside the Intel processors, while an […]

The post After Meltdown and Spectre, meet a new set of Intel chip flaws appeared first on CyberScoop.


Jolted by Meltdown and Spectre, Intel aims to accelerate patching process

For years, software, not hardware, has dominated the cybersecurity industry’s efforts to develop a coordinated way of disclosing technology flaws. Software bugs are reported in much greater numbers, and there are far fewer researchers who specialize in hardware security. But hardware was thrust into the limelight in January 2018, when Spectre and Meltdown, two vulnerabilities that affected virtually all modern computer chips, were made public. The flaws could have allowed hackers to infiltrate a computer’s memory and steal sensitive data, or trick applications into spilling information without a user’s knowledge. While there’s no evidence either has been exploited, the revelation that they exist, and the complex patching process that followed, sparked industry-wide awareness about serious security flaws that might come embedded in otherwise trusted technology. Now, more than a year later, the vendors, researchers, and manufacturers involved are still trying to cut down on the time it takes to get hardware-related patches […]

The post Jolted by Meltdown and Spectre, Intel aims to accelerate patching process appeared first on CyberScoop.


‘Thunderclap’ collection of hardware vulnerabilities affects Mac, Windows, Linux systems

Many modern computers running Mac, Windows or Linux operating systems are vulnerable to a number of security flaws that could exploit a machine’s connection to its network cards, keyboard, computer charger or other essential peripheral devices, according to research published this week from a team of computer scientists. The vulnerabilities, which require physical access to a computer, are known collectively as “Thunderclap.” They leverage operating system design flaws in what’s known as a Thunderbolt interface, a common piece of hardware that allows outside devices to connect to a machine. Researchers revealed this week at the NDSS 2019 security conference that “all Apple laptops and desktops produced since 2011 are vulnerable, with the exception of the 12-inch MacBook. Many laptops, and some desktops, designed to run Windows or Linux produced since 2016 are also affected[.]” The Thunderclap vulnerability could allow an attacker with access to a machine to execute commands at […]

The post ‘Thunderclap’ collection of hardware vulnerabilities affects Mac, Windows, Linux systems appeared first on CyberScoop.


Bloatware Insecurity Continues to Haunt Consumer, Business Laptops

High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer.