Collaborate Disseminate
A vulnerability in Intel’s x86 chips major raises questions about the assumptions underlying computer security models.
The post ‘Downfall’ vulnerability leaves billions of Intel CPUs at risk appeared first on CyberScoop.
Continue reading ‘Downfall’ vulnerability leaves billions of Intel CPUs at risk
Even the leak of a single infographic can be a big deal for a major corporation. Intel Corp. had to act fast Thursday afternoon when it discovered that an infographic from its unpublished quarterly report had been circulating outside the company. As a result, the chipmaker posted those fourth quarter 2020 financial results a few minutes before the stock market closed at 4 p.m., instead of afterward. Chief Financial Officer George Davis told the Financial Times that the graphic had been “hacked” from the company’s public relations newsroom website. Intel has not specified who the thief might be, or where the graphic had been illicitly shared online. As financial cybercrime goes, the incident appears to be small and isolated, but it highlights the appeal of financial data — even a single page from a slide deck — to anyone inclined to use illicitly acquired information to get a leg up […]
The post Intel says financial graphic was ‘hacked,’ forcing early release of 2020 report appeared first on CyberScoop.
Continue reading Intel says financial graphic was ‘hacked,’ forcing early release of 2020 report
Nissan is examining whether source code for its North American division’s mobile apps, marketing tools and more have leaked online, the company said. “We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code,” said a Nissan spokesperson. “We take this type of matter seriously and are conducting an investigation.” Tillie Kottmann, a software engineer, publicized the apparently leaked information earlier this week on Twitter and Telegram. They told CyberScoop the information came via a “severely mismanaged” server that had the username and password of “admin:admin.” “I was informed about the server by an anonymous source but acquired it myself and can thus mostly verify it,” Kottmann said via a Twitter direct message exchange. Kottmann said they also heard some ex-Nissan employees recognized projects there. Poorly configured servers are a common source of online data leaks, in recent months afflicting Razer, medical scans, […]
The post Nissan investigating possible source code exposure appeared first on CyberScoop.
Continue reading Nissan investigating possible source code exposure
Microsoft and three major computing vendors — AMD, Intel and Qualcomm Technologies — on Tuesday said they would produce security chips designed to keep attackers from stealing critical data such as encryption keys and credentials from computing systems. The goal is to guard against a relatively new breed of attack techniques, made famous by the 2018 Spectre and Meltdown vulnerabilities, that pry data from a computer’s most sensitive enclaves. To do this, Microsoft said it will store critical data on the chip itself, isolating it from the rest of the system. Advocates of the new security chip, known as Pluton, say it will cut off a key vector for data-stealing attacks: a communication channel between a computing system’s central processing unit (CPU) and another piece of hardware known as the trusted platform module (TPM). In one example of that type of attack, researchers from security company NCC Group in 2018 […]
The post Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD appeared first on CyberScoop.
Continue reading Microsoft’s new ‘Pluton’ security processor gets buy-in from Intel, AMD
Chip giant Intel is investigating the leak of what appears to be a 20 GB cache of internal documents, some of which are marked “confidential,” after it appeared on various messaging platforms and data hosting sites. An Intel spokesperson told CyberScoop that the data looks to be from the company’s Resource and Design Center, which hosts information for customers, partners and other external parties that have access. “We believe an individual with access downloaded and shared this data,” a spokesperson told CyberScoop. The cache, dubbed “Intel exconfidential Lake,” is mostly comprised of training manuals and other technical documents for various software and firmware development kits. However, a section marked “Intel Restricted Secret” contains data on a March 2020 version of Intel’s 2016 Kaby Lake Platforms Silicon Initialization Code, which works with Intel BIOS. A post in a Telegram channel highlighted some of the other contents in the cache: It is […]
The post Gigabytes of ‘sensitive’ internal Intel documents dumped online appeared first on CyberScoop.
Continue reading Gigabytes of ‘sensitive’ internal Intel documents dumped online
The professionals who work to uncover security vulnerabilities in hardware must find a “common language” for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers “do not have the same standard taxonomy that would enable them to share information and techniques with one another,” Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website. “If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities,” Kanuparthi and Khattri wrote. At issue is the Common Weakness Enumeration (CWE) system, a list that is used as a yardstick on which to map Common Vulnerabilities and Exposures (CVE). CVEs are more familiar to security researchers as signposts for potential threats, and they’re a notch in the belt […]
The post Intel pushes for hardware-specific additions to vulnerability taxonomy appeared first on CyberScoop.
Continue reading Intel pushes for hardware-specific additions to vulnerability taxonomy
Microsoft is pushing an initiative meant to protect its computers’ most sensitive data amid recent revelations that nation-state hackers are beginning to exploit the fragmented nature of the company’s supply chain. The company on Monday started pushing Secured-core PCs, its term for machines that will come with Windows 10, Microsoft’s latest PC operating system; Windows Hello, which allows users to log in without a password; and, most importantly, silicon microchips built by Intel Corp., Qualcomm and AMD that are meant to more closely guard sensitive data. By ensuring that PCs are loading legitimate Windows operating systems when a devices activate, the plan goes, Microsoft will ensure that users aren’t actually loading a malicious OS inserted by an outsider. The effort goes public more than a year after security researchers at ESET caught APT28 — a group of suspected Russian hackers also known as Fancy Bear — testing out malware that launched malicious code on a computer when […]
The post Microsoft banks on new silicon chips built by Intel, others to fend off firmware attacks appeared first on CyberScoop.
Encryption has always been a battle line in cyberspace. Attackers try to break it; defenders reinforce it. The next front in that struggle is something known as homomorphic encryption, which scrambles data not just when it is at rest or in transit, but when it is being used. The idea is to not have to decrypt sensitive financial or healthcare data, for example, in order to run computations with it. Defenders are trying to get ahead of attackers by locking down data wherever it lies. The latest step in homomorphic encryption’s decade-long journey from dream to adoption was a standards meeting over the weekend of representatives from Google, Intel, and Microsoft, along with academics from around the world. While previous meetings focused on the specifics of algorithms, this fourth meeting included more talk of pursuing homomorphic encryption standards at a handful of global bodies, according to Intel’s Casimir Wierzynski, who […]
The post As homomorphic encryption gains steam, experts search for standards appeared first on CyberScoop.
Continue reading As homomorphic encryption gains steam, experts search for standards
Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were onto something. On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre. The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. The colorfully named ZombieLoad attack, for example, unearths private browsing history and leaks information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack leaks information from different security buffers inside the Intel processors, while an […]
The post After Meltdown and Spectre, meet a new set of Intel chip flaws appeared first on CyberScoop.
Continue reading After Meltdown and Spectre, meet a new set of Intel chip flaws
For years, software, not hardware, has dominated the cybersecurity industry’s efforts to develop a coordinated way of disclosing technology flaws. Software bugs are reported in much greater numbers, and there are far fewer researchers who specialize in hardware security. But hardware was thrust into the limelight in January 2018, when Spectre and Meltdown, two vulnerabilities that affected virtually all modern computer chips, were made public. The flaws could have allowed hackers to infiltrate a computer’s memory and steal sensitive data, or trick applications into spilling information without a user’s knowledge. While there’s no evidence either has been exploited, the revelation that they exist, and the complex patching process that followed, sparked industry-wide awareness about serious security flaws that might come embedded in otherwise trusted technology. Now, more than a year later, the vendors, researchers, and manufacturers involved are still trying to cut down on the time it takes to get hardware-related patches […]
The post Jolted by Meltdown and Spectre, Intel aims to accelerate patching process appeared first on CyberScoop.
Continue reading Jolted by Meltdown and Spectre, Intel aims to accelerate patching process