VU#982149: Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

Intel processors are vulnerable to one or more L1 data cache information disclosure and terminal fault attacks via a speculative execution side channel. These attacks are known as L1 Terminal Fault:SGX,L1 Terminal Fault:OS/SMM,and L1 Terminal Fault:VMM. Continue reading VU#982149: Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

Intel Processors Affected with Foreshadow Speculative Execution Flaws

Security experts discovered three new vulnerabilities affecting Intel processors that appear to be speculative execution flaws called Foreshadow. This is the code name under which has been assigned to the bugs, appearing to be yet another problem that … Continue reading Intel Processors Affected with Foreshadow Speculative Execution Flaws

Foreshadow: The Sky Is Falling Again for Intel Chips

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate …read more

Continue reading Foreshadow: The Sky Is Falling Again for Intel Chips

Foreshadow, the new data-stealing vulnerabilities impacting Intel chips

Three new Spectre-class vulnerabilities that impact how Intel chips process information were revealed on Tuesday. The bugs mean data meant to be protected can be accessed by a hackers due to speculative execution leaks, a problem that’s plagued all modern processors since the beginning of the year. The problem, which ironically lays in Intel’s security technology SGX, may allow hackers to access private data including passwords and other files. The data can be stolen across virtual machines or applications on the same device. Speculative execution works like this: All modern chips make educated assumptions — the speculation — about what will happen next in order to speed up performance — the execution. The original class of attack included the Spectre (Variants 1 and 2) and Meltdown (Variant 3) vulnerabilities, discovered by Google’s Project Zero and made public in January. Virtually all modern computer chips have even impacted. There have been […]

The post Foreshadow, the new data-stealing vulnerabilities impacting Intel chips appeared first on Cyberscoop.

Continue reading Foreshadow, the new data-stealing vulnerabilities impacting Intel chips

Intel CPUs Undermined By Fresh Speculative Execution Flaws

‘Foreshadow” and other vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds. Continue reading Intel CPUs Undermined By Fresh Speculative Execution Flaws

A week in security (August 6 – 12)

A round-up of the security news from August 6 – 12, including ransomware, interesting talks during BlackHat, botnets, and the evils of JavaScript.
Categories:

Security world
Week in security

Tags: botnetCTNT reportcybercrimeexploit kitsM… Continue reading A week in security (August 6 – 12)

Mozilla still working on Firefox’s site isolation security revamp

Mozilla’s Firefox browser doesn’t have site isolation security yet, but plans to enable it are in the works. Continue reading Mozilla still working on Firefox’s site isolation security revamp