Feb 11, 2023Ravie LakshmananThreat Response / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could … [Read more...] about CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
intel
Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics
New level unlocked. The next step for Kenna.VM users who are maturing their risk-based vulnerability management program is Kenna.VM Premier—and it’s live. The Cisco Kenna team is excited to release a new tier of the Kenna Security platform designed specifically for customers or prospects that have reached a point of maturity in which they can and want to do more with their … [Read more...] about Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to … [Read more...] about ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an … [Read more...] about New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs
How Exploit Intel Makes You Less Vulnerable
New research shows effective and efficient vulnerability management hinges on a key ingredient: exploit intel. The data arrives just in time. An expanding threat landscape In 2021, a record-breaking 20,130 Common Vulnerabilities and Exposures (CVEs) were published in the National Vulnerability Database. CVEs are exploding just as attackers are growing more sophisticated, … [Read more...] about How Exploit Intel Makes You Less Vulnerable
Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National … [Read more...] about Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique
Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an … [Read more...] about Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips
Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x
Cisco Blogs / Security / Threat Research / Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of … [Read more...] about Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x
Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks
Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE).Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents … [Read more...] about Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks
SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored … [Read more...] about SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs