News Posts matching #Security

Return to Keyword Browsing

Razer Leaks Personal Information of Over 100,000 Gamers

Security researcher Volodymyr Diachenko has discovered a security breach over at hardware peripheral manufacturer Razer. Reportedly, Mr. Volodymyr found a badly configured Elasticsearch cluster filled with over 100,000 data entries of Razer customers. That means that anywhere from customer email, physical address and phone number have been exposed to the public, making this leak potentially dangerous. What is even more dangerous is that the Elasticsearch cluster was not only exposed to the internet, however, it was also indexed by a search engine, making the data more easily searchable and discoverable. This is a pure admin fail, no hacking was required, they just left the front door open. Razer issued an official response to the incident below:
Razer
We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.

Western Digital Sets a New Standard in Data Protection with Ground-Breaking ArmorLock Security Platform

Underscoring its mission to enable the world to solve its biggest data challenges by building a data infrastructure with next-gen security, Western Digital (NASDAQ: WDC) today introduced the ArmorLock Security Platform. A data encryption platform that rethinks how data security should be done, the ArmorLock Security Platform was created to help with the diverse security demands of data-centric and content-critical storage use cases in industries as varied as finance, government, healthcare, IT enterprise, legal, and media and entertainment. As data security concerns continue to rise in visibility, Western Digital plans to apply the platform across a range of storage solutions.

The first product to leverage this advanced technology, the new G-Technology ArmorLock encrypted NVMe SSD, is designed to deliver an easy-to-use, high-performance, high-grade security storage solution for creators in the media and entertainment industry. Facing the threat of hijacked media files and leaked films, studios, agencies, and especially investors are demanding a better way to protect critical content. While much of the industry's focus has been on cloud security, data often remains vulnerable on the portable storage devices holding critical commercial content.

IBM Reveals Next-Generation IBM POWER10 Processor

IBM today revealed the next generation of its IBM POWER central processing unit (CPU) family: IBM POWER10. Designed to offer a platform to meet the unique needs of enterprise hybrid cloud computing, the IBM POWER10 processor uses a design focused on energy efficiency and performance in a 7 nm form factor with an expected improvement of up to 3x greater processor energy efficiency, workload capacity, and container density than the IBM POWER9 processor.

Designed over five years with hundreds of new and pending patents, the IBM POWER10 processor is an important evolution in IBM's roadmap for POWER. Systems taking advantage of IBM POWER10 are expected to be available in the second half of 2021. Some of the new processor innovations include:
IBM POWER10 Processor IBM POWER10 Processor

CrossTalk is Another Intel-exclusive Security Vulnerability

Intel has had quite a lot of work trying to patch all vulnerabilities discovered in the past two years. Starting from Spectre and Meltdown which exploited speculative execution of the processor to execute malicious code. The entire process of speculative execution relies on the microarchitectural technique for adding more performance called speculative branch prediction. This technique predicts branch paths and prepared them for execution, so the processor spends less time figuring out where and how will instructions flow through the CPU. So far, lots of these bugs have been ironed out with software, but a lot of older CPUs are vulnerable.

However, an attacker has always thought about doing malicious code execution on a CPU core shared with the victim, and never on multiple cores. This is where the new CrossTalk vulnerability comes in. Dubbed Special Register Buffer Data Sampling (SRBDS) by Intel, it is labeled as CVE-2020-0543 in the vulnerability identifier system. The CrossTalk is bypassing all intra-core patches against Spectre and Meltdown so it can attack any CPU core on the processor. It enables attacker-controlled code execution on one CPU core to leak sensitive data from victim software executing on a different core. This technique is quite dangerous for users of shared systems like in the cloud. Often, one instance is shared across multiple customers and until now they were safe from each other. The vulnerability uses Intel's SGX security enclave against the processor so it can be executed. To read about CrossTalk in detail, please visit the page here.
Intel Meltdown and Spectre

Unfixable Flaw Found in Thunderbolt Port that Unlocks any PC in Less Than 5 Minutes

Dutch researcher from the Eindhoven University of Technology has found a new vulnerability in Thunderbolt port that allows attackers with physical access to unlock any PC running Windows or Linux kernel-based OS in less than 5 minutes. The researcher of the university called Björn Ruytenberg found a method which he calls Thunderspy, which can bypass the login screen of any PC. This attack requires physical access to the device, which is, of course, dangerous on its own if left with a person of knowledge. The Thunderbolt port is a fast protocol, and part of the reason why it is so fast is that it partially allows direct access to computer memory. And anything that can access memory directly is a potential vulnerability.

The Thunderspy attack relies on just that. There is a feature built into the Thunderbolt firmware called "Security Level", which disallows access to untrusted devices or even turns off Thunderbolt port altogether. This feature would make the port be a simple USB or display output. However, the researcher has found a way to alter the firmware setting of Thunderbolt control chip in a way so it allows any device to access the PC. This procedure is done without any trace and OS can not detect that there was a change. From there, the magic happens. Using an SPI (Serial Peripheral Interface) programmer with a SOP8 clip that connects the pins of the programmer device to the controller, the attacker just runs a script from there. This procedure requires around $400 worth of hardware. Intel already put some protection last year for the Thunderbolt port called Kernel Direct Memory Access Protection, but that feature isn't implemented on PCs manufactured before 2019. And even starting from 2019, not all PC manufacturers implement the feature, so there is a wide group of devices vulnerable to this unfixable attack.
Thunderspy attack

The Security Focused Tails OS adds Support for UEFI Secure Boot

Tails OS the operating system recommended by Edward Snowden, now works on systems with UEFI Secure Boot enabled. Tails OS is built from the ground up to offer maximum security and privacy running of a portable drive and leaving no trace on the host computer. The latest Tails OS 4.5 update added support for this crucial UEFI Secure Boot feature which was already found in most operating systems. Secure Boot uses cryptographic signatures to verify the integrity of firmware files loaded on system boot and insure they have not been tempered with.

Secure Boot has been available as part of the UEFI specification now for over two decades but is rarely used due to compatibility reasons. While not commonly used, the fact that a security focused operating system did not support this security feature was worrying for many as it meant Secure Boot had to be disabled on the host computer before the OS could boot. Work to add the feature has been ongoing over the last 6 years and is now complete and ready for use.
LOGO

Researchers Find Unfixable Vulnerability Inside Intel CPUs

Researchers have found another vulnerability Inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of a black box, given that Intel is protecting its documentation so it can stop its copying by other vendors, however, researchers have discovered a flaw in the design of CSME and are now able to exploit millions of systems based on Intel CPUs manufactured in the last five years.

Discovered by Positive Technologies, the flaw is lying inside the Read-Only Memory (ROM) of the CSME. Given that the Mask ROM is hardcoded in the CPU, the exploit can not be fixed by a simple firmware update. The researchers from Positive Technologies describe it as such: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."

Kingston Encrypted IronKey D300 Series Achieves NATO Restricted Level Certification

Kingston Digital Europe Co LLP, the Flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, announced its IronKey D300 Encrypted USB Flash Drive series has achieved NATO Restricted Level Certification. This indicates that, after a detailed validation process, the Kingston IronKey D300, IronKey D300S and IronKey D300SM have been listed in the NATO Information Assurance Product Catalogue (NIAPC) for security products that meet NATO's nations, civil and military bodies' operational requirements.

The NIAPC is established under an INFOSEC Directive and ensures only cryptographic products which are developed in a NATO member nation are evaluated and approved to use in accordance with NATO Security Policies. The IronKey D300 series is now included on this list, which means it is qualified as an encrypted Flash drive that meets the data protection levels established by NATO to protect information against loss or cyber-attacks. Sensitive data-in-transit needs to be protected as any loss or breach can result in harm to NATO's forces, its members or its mission.

Quick Look: Hawk Security S-Drive

Continuing our quick look series, this time we cover a product that came to us after our article on portable encrypted storage was published. That very article came about from two companies asking us if we would be interested in checking out their products, and when a startup company formed by Russians who specialize in data protection and embedded security asks you the same, you answer yes! Hawk Security was set up in 2018, and is actually based out of Hong Kong now, and offers data encryption solutions with military-grade encryption standards. They sent out their S-Drive, a portable solution with a 3D NAND-based memory and certification galore, with performance and privacy as the selling point.

The Hawk Security S-Drive ships in a thick cardboard box with a two-piece packaging, with aptly named security seals on the sides. The inner box slides out to reveal a premium unboxing experience with thick foam cut to shape, which in turn houses the user manual, the drive, and the connecting cable itself. The manual is handy for not only knowing the locking and unlocking procedures for this encrypted drive, but also the default password for using it the first time. The cable terminates in a standard USB 3.1 Gen 1 Type A connector on one end, but a 10-pin USB 3.1 Gen 1 Micro Type B super-speed connector on the other to help make the most of connection speeds. This means backwards compatibility with USB 2.0 ports is restricted to USB ports/hubs that provide enough power only, so keep that in mind. Read past the break for more on the drive.

Microsoft's Windows 7 Reaches End-Of-Life

Today, on January the 14th, Microsoft is officially ending support for Windows 7 operating system. After more than 10 years since its launch, Windows 7 has remained a primary operating system on many PCs, especially OEM PCs manufactured before 2015, when Windows 10 came out. The user transition from Windows 7 to Windows 10 has not been an easy task for Microsoft, however, by declaring that the product has reached End-Of-Life, Microsoft is trying to make millions of users pull the trigger and embrace the new operating system.

When January 14th arrives, Microsoft will stop giving Windows 7 users technical support, software updates with new features, and most importantly security updates. The official recommendation from Microsoft is to upgrade to the latest version of Windows, meaning Windows 10. As some of the older PCs may have compatibility issues with newer OS, it is also recommended to check your PC specifications. If you are a customer of the Extended Security Updates (ESU) program, you will continue to see further support in the future, however, for regular users, the support period is over.

Gryphon Online Safety Releases the Lowest Cost Mesh WiFi Security Router and Parental Control System on the Market

Gryphon Online Safety, Inc. today announced the commercial launch of its new product the Gryphon Guardian, the lowest known entry cost in the market at $119 for an all-in-one mesh WiFi security router and parental control system, making online security and digital parenting accessible to all. Gryphon Guardian is mesh compatible with the original Gryphon. The company is offering an early bird 30% off special between November 28-December 31 2019 direct from Gryphon Online Safety.

Gryphon Online Safety wants to help families protect all of their homes' devices from hacker intrusions, malware threats, to prevent kids from being exposed to inappropriate content, and to equip parents with tools to promote healthy screen time for their children. The company's purpose is to help each person reach their full potential by creating an online environment that is safe, reliable, and enjoyable.

BZFuture Saves Your Business Big on Genuine Security Software

BZFuture is a new deep-discount software company that lets you save big on renewals of your PC's premium security software from big brands, such as Kasperky, McAfee, ESET, Avira, and BitDefender. With the BZFuture Autumn 2019 Sale, enjoy discounts of up to 60% over prices quoted by these vendors for 1-year per-PC licenses to premium security software suites that include not just antivirus and anti-spyware protection, but also must-haves such as anti-spam, firewall, and anti-ransomware. BZFuture wishes to particularly recommend McAfee Antivirus for USD $11.02, and Kaspersky Internet Security for $18.20.

But why stop at renewing your antivirus? Still on Windows 7 or know someone dear who still is? BZFuture is bundling a genuine, globally-valid Windows 10 Pro permanent OEM license with all of its security software products! BZFuture operates globally, and accepts payments via reputed gateways such as PayPal, so your payment instruments stay secure. The store is also emerging as a great place to buy well-priced gaming peripherals. BZFuture in particular would like to recommend the MotoSpeed CK80, a full 104-key mechanical gaming keyboard with RGB LED lighting and Outemu Gold switches (comparable to Cherry MX Blue), for just $69.46, shipped for free worldwide. Slash 10% off the price of this keyboard with the coupon-code "Techpowerup" at checkout!

Buy McAfee Antivirus 1 PC 1-year + Windows 10 Pro for $11.02 | Kaspersky Internet Security 1 PC 1-year + Windows 10 Pro for $18.20 | Buy MotoSpeed CK80 Gaming Keyboard for $62.51

A Case for Windows Defender: Triad of Perfect Scores in AV-Test

Here's a strange thing: a case for a free, bundled software solution being better (in the metrics concerned and evaluated) than paid, third-party counterparts. We're writing of none other than Microsoft's own Windows Defender suite, which is bundled with Windows and offers a security solution integrated into your OS. While the "paid is always better" philosophy has been proven wrong time and again and isn't that much of a powerhouse behind users' thought process anymore, the fact is that Windows Defender has somewhat been taken for granted as an "undesirability" in users' computers. However, a comparison made by AV-Test, which pits many of the available cybersecurity solutions available on the market, has found Microsoft's Windows Defender to be worthy of a triad of perfect scores.

The results for Windows Defender include perfect (6.0) scores in the "Protection", "Performance" and Usability" categories. The testing period refers to May through June of this year, and only F-Secure SAFE 17, Kaspersky Internet Security 19 and Norton Security 22.17 managed to get the same perfect scores as Windows Defender Version 4.18. Check out the link for the score of your cybersecurity solution of choice. But it's clear that least where this period is concerned, Windows Defender walked circles around some paid solutions.

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges, unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure and avoid all of these vulnerabilities, so be sure to check your drivers for latest version. Exploits are only accessible on Windows based OSes, starting from Windows 7 to Windows 10.

However, one fact that's reassuring is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen. Bellow are the tables provided by NVIDIA that show type of exploit along with rating it carries and which driver versions are affected. There are no mitigations for this exploit, as driver update is the only available solution to secure the system.

NETGEAR Announces Its Armor Cyber Threat Protector in Partnership With Bitdefender

NETGEAR Armor on your Orbi Mesh WiFi Systems is a cybersecurity solution that protects all internet-connected devices in your home from viruses, malware, stolen passwords, identity theft and hacking, whether you're at home or on the go. Many people already have some type of anti-virus software loaded onto their home computers. However, this is often not effective enough for the cyber threats in today's environment. In fact, according to research, 146 billion records of personal information, such as credit card information or national identification / social security numbers, are expected to be stolen by cybercriminals between 2018 to 2023.

Kaspersky: Most Cyber Attacks Directed at Microsoft Office in Q4 2018

Having the world's most pervasive operating system (or office suite) is sure to leave a big mark on any company when it comes to exploitation attempts from hackers. It's a simple equation: aim your efforts at a software that runs in millions (if not billions) of machines and even a light chink in the armor could be enough to cause a cascading effect through that many users.

This principle applies to almost everything: a small effect across a billion users usually provides greater returns than a large effect on one or two players. Kaspersky labs on its security report, presented at the Security Analyst Summit, reported that the favorite target for cyber attacks was Microsoft's Office suite - a 70% figure suggests an incredible attention given to Office, really. These Office-related cyber attacks don't directly relate to the suite itself; there are other, OS-integrated components that can be targeted, or simply that Office file extensions are used as clever, headache-inducing ways of disguising malware as the second greatest evil in the world - spreadsheets.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

A new security vulnerability has been found that only affects Intel CPUs - AMD users need not concern regarding this issue. Dubbed Spoiler, the newfound security vulnerability was discovered by the Worcester Polytechnic Institute in partnership with the University of Lübeck, and affects all Intel CPUs since the introduction of their Core architecture. This vulnerability too affects Intel's speculative execution design, and according to the researchers, works independent of OS, virtual machine, or sandboxed environments.

As the researchers explain, Intel's speculative execution of certain memory workloads requires the full physical address bits for the information in memory to be known, which could allow for the full address to be available in user space - allowing for privilege escalation and other microarchitectural attacks. According to the researchers, a software solution to this problem is impossible, which means this is yet another silicon-level bug that needs to be addressed in future processor designs.

Gryphon Shows off Their Security-focused Mesh Networking Routers at CES 2019

Gryphon Online Safety, Inc. is a 2-year old company that, by its very name, hints strongly towards the product lineup and design philosophy. We met the CEO and CTO of the company at their booth at CES 2019, and were greeted by the Gryphon router that was built with content filtering and online secutiry in mind. They have nearly five decades of combined experience behind the Gryphon, leveraging manufacturing in China, software teams in India, and customer support in the USA to deliver a user-friendly router and mobile app which also supports mesh networking.

The Gryphon was designed with the intention of fitting in a living room, with the sharp looks akin more to a trophy or showpiece. It definitely caught our eye, especially given how hard it is to carve out a unique look with routers these days without looking like an alien artifact. The router is rated for AC3000 operation with one 2.4 GHz band for Wireless N and two 5 GHz bands for Wireless AC networking, with the second 5 GHz band being a dedicated backhaul akin to the NETGEAR Orbi to make full use of the mesh networking feature without losing performance when connected to the satellite unit. The mobile app especially makes it very handy for the average end user to allow, and control, content to their desire. We will have a full review of the Gryphon networking solution on TechPowerUp sooner than later, but for those interested, there is more information to be found on their website. The Gryphon retails for ~$215 for a single unit, and $400 for a twin-pack.

US Bans Exports to Chinese DRAM Maker Fujian Jinhua Citing National Security Interests

The United States government, via the Department of Commerce, has banned all exports from national companies to China-based Fujian Jinhua Integrated Circuits Ltd. The ban, citing "significant risk of becoming involved in activities that are contrary to the national security interests of the United States", demands that a license is required for "all exports, re-exports, and transfers of commodities, software and technology (...) to Jinhua." It then adds that these license applications will be reviewed - always - with a presumption of denial.

Seagate Unveils Industry's Most Advanced 14 TB Data Storage Portfolio

Seagate Technology, a world leader in data storage solutions, today launched the industry's widest range of advanced 14 TB hard drives, enhancing the company's enterprise and specialty drive portfolio. Consisting of IronWolf and IronWolf Pro for network attached storage (NAS) applications, the BarraCuda Pro desktop drive, surveillance-optimized SkyHawk, and Exos X14 for hyperscale data centers, this purpose-built portfolio empowers customers to consume, manage and utilize digital data more effectively and efficiently while establishing new benchmarks in speed and capacity.

With this offering, Seagate continues to lead the industry in driving data storage technology toward a lower cost per terabyte through hard drive optimization, versatility of application, and unmatched capacity. Whether for personal use, creative and design computing, online gaming, or large-scale surveillance systems and hyperscale environments, Seagate drives are opening up new data management opportunities across a wide range of markets.

Snail Mail Malware: Chinese Hackers Go Old School

In today's world, data breaches, phishing attacks, malware, and exploits are a daily occurrence. We are all familiar with the typical phishing emails that grace our inbox day in day out. You might even get a phone call from a fake Microsoft tech support employee, who attempts to gain access to your system. However, in our always-online world, it is a bit surprising to hear about hackers that would decide to use snail mail. In what will likely elicit a few giggles, U.S. state and local government agencies, along with the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued an alert, in what I can only describe as an attack from the stone age; malware infested CDs.

Insidious New "NetSpectre" Vulnerability Can Be Exploited Over Network

The "Spectre" family of vulnerability, an exploitation of the speculative execution features of modern processors (mostly Intel), was scary enough. Up until now, running malware that implements Spectre needed one to run the program on a local machine. Running it remotely was limited to well-crafted JavaScript executed on the victim's machine, or cloud hosts made to process infected files. This is about to change. Security researchers from Graz University of Technology, including one of the discoverers of the "Meltdown" vulnerability, Daniel Gruss; have discovered NetSpectre, a fully network-based exploit that can let attackers read the memory of a remote machine without executing any program on that machine.

NetSpectre works by deriving bits and bytes from the memory based on measurements of the time the processor to succeed or recover from failure in speculative execution. As a processor is executing code, it speculates what the next instruction or data is, and stores their outcomes beforehand. A successful "guess" is rewarded with tangible performance benefits, while an unsuccessful guess is penalized with having to repeat the step. By measuring the precise time it takes for the processor to perform either (respond to success or failure in speculative execution), the contents of the memory can be inferred.

Wi-Fi Alliance Introduces Wi-Fi CERTIFIED WPA3 Security

Wi-Fi Alliance introduces Wi-Fi CERTIFIED WPA3 , the next generation of Wi-Fi security, bringing new capabilities to enhance Wi-Fi protections in personal and enterprise networks. Building on the widespread adoption of WPA2 over more than a decade, WPA3 adds new features to simplify Wi-Fi security, enable more robust authentication, and deliver increased cryptographic strength for highly sensitive data markets. As the Wi-Fi industry transitions to WPA3 security, WPA2 devices will continue to interoperate and provide recognized security.

WPA3 security continues to support the market through two distinct modes of operation: WPA3-Personal and WPA3-Enterprise. All WPA3 networks use the latest security methods, disallow outdated legacy protocols, and require use of Protected Management Frames (PMF) to maintain resiliency of mission critical networks. Key capabilities of WPA3 include:
  • WPA3-Personal: more resilient, password-based authentication even when users choose passwords that fall short of typical complexity recommendations. WPA3 leverages Simultaneous Authentication of Equals (SAE), a secure key establishment protocol between devices, to provide stronger protections for users against password guessing attempts by third parties.
  • WPA3-Enterprise: offers the equivalent of 192-bit cryptographic strength, providing additional protections for networks transmitting sensitive data, such as government or finance. The 192-bit security suite ensures a consistent combination of cryptographic tools are deployed across WPA3 networks.

Intel Processors Hit by "Lazy FP State Restore" Vulnerability

Security researchers have discovered a vulnerability affecting all modern Intel Core and Xeon processors, which is an exploit of a performance optimization feature called "lazy FP state restore," which can be exploited to sniff out sensitive information, including cryptographic keys used to protect sensitive data. The flaw affects all x86 micro-architectures by Intel, "Sandy Bridge" and later.

The "lazy FP state restore" feature is a set of commands used to temporarily store or restore the FPU states of applications running "lazily" (as opposed to "eagerly"). Red Hat put out an advisory stating that numbers held in FPU registers could be used to access sensitive information about the activities of other applications, including encryption keys. Intel began working with popular OS vendors to quickly roll out software patches against the vulnerability.

Intel Announces iGPU-accelerated Threat Detection Technology

Today, Intel is taking another step forward, with two new technology announcements: Intel Threat Detection Technology (Intel TDT), a set of silicon-level capabilities that will help the ecosystem detect new classes of threats, and Intel Security Essentials, a framework that standardizes the built-in security features across Intel processors. We are also announcing a strengthened academic partnership with Purdue University, to help accelerate the development and availability of cybersecurity talent.

Intel Threat Detection Technology leverages silicon-level telemetry and functionality to help our industry partners improve the detection of advanced cyberthreats and exploits. Today we are announcing the first two Intel Threat Detection Technology capabilities, including implementation plans by Microsoft and Cisco.

The first new capability is Accelerated Memory Scanning. Current scanning technologies can detect system memory-based cyberattacks, but at the cost of CPU performance. With Accelerated Memory Scanning, the scanning is handled by Intel's integrated graphics processor, enabling more scanning, while reducing the impact on performance and power consumption. Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent.
Return to Keyword Browsing