News Posts matching #cybersecurity

Return to Keyword Browsing

Intel Introduces new Security Technologies for 3rd Generation Intel Xeon Scalable Platform, Code-named "Ice Lake"

Intel today unveiled the suite of new security features for the upcoming 3rd generation Intel Xeon Scalable platform, code-named "Ice Lake." Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension (Intel SGX) to the full spectrum of Ice Lake platforms, along with new features that include Intel Total Memory Encryption (Intel TME), Intel Platform Firmware Resilience (Intel PFR) and new cryptographic accelerators to strengthen the platform and improve the overall confidentiality and integrity of data.

Data is a critical asset both in terms of the business value it may yield and the personal information that must be protected, so cybersecurity is a top concern. The security features in Ice Lake enable Intel's customers to develop solutions that help improve their security posture and reduce risks related to privacy and compliance, such as regulated data in financial services and healthcare.

NVIDIA Introduces New Family of BlueField DPUs to Bring Breakthrough Networking, Storage and Security Performance to Every Data Center

NVIDIA today announced a new kind of processor—DPUs, or data processing units—supported by DOCA, a novel data-center-infrastructure-on-a-chip architecture that enables breakthrough networking, storage and security performance.

NVIDIA founder and CEO Jensen Huang revealed the company's three-year DPU roadmap in today's GPU Technology Conference keynote. It features the new NVIDIA BlueField -2 family of DPUs and NVIDIA DOCA software development kit for building applications on DPU-accelerated data center infrastructure services.

NETGEAR Extends WiFi6 Leadership with 2nd Orbi Mesh System Delivering Gigabit WiFi Everywhere in the Home

NETGEAR, the leading provider of mesh WiFi systems that power today's smart homes and small businesses, is introducing the next WiFi 6 member of the Orbi Mesh WiFi family, NETGEAR Orbi WiFi 6 AX4200 Tri-band Mesh Systems (RBK752/753). Joining the flagship Orbi WiFi 6 AX6000 Tri-band Mesh System (RBK852), this new Orbi Mesh System, with its attractive price point, is designed to make robust whole home WiFi 6 mesh accessible to more households around the globe. While accelerating the transition to the latest in WiFi technology, the new Orbi Tri-band Mesh WiFi system is available now as a two pack, router and satellite system (RBK752), and a three pack, router with two satellites (RBK753), from NETGEAR.com and other retailers.

Following on the tremendous success of the award-winning Orbi WiFi 6 AX6000 mesh system (RBK852) and the numerous WiFi 6 clients now available from phone and laptop manufacturers, the Orbi AX4200 WiFi 6 Mesh Systems join NETGEAR's industry-leading portfolio of WiFi 6 network product offerings. The two new WiFi 6 mesh systems make the ideal upgrade for the customer who wishes to get the benefits of both the WiFi performance and coverage of a tri-band mesh and the capacity to handle multiple devices with WiFi 6 for their home but at a more attractive price point. Tri-band mesh WiFi provides a network of wireless router and satellites with a dedicated data connection from router to satellite to ensure the best performance and reach through the entire home.

New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

A group of cybersecurity researchers have discovered a new security vulnerability affecting Intel processors, which they've craftily named "Plundervolt," a portmanteau of the words "plunder" and "undervolt." Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so it could secretly develop a mitigation. With the 6-month NDA lapsing, the researchers released their findings to the public. Plundervolt is described by researchers as a way to compromise SGX (software guard extensions) protected memory by undervolting the processor when executing protected computations, to a level where SGX memory-encryption no longer protects data. The researchers have also published proof-of-concept code.

Plundervolt is different from "Rowhammer," in that it flips bits inside the processor, before they're written to the memory, so SGX doesn't protect them. Rowhammer doesn't work with SGX-protected memory. Plundervolt requires root privileges as software that let you tweak vCore require ring-0 access. You don't need direct physical access to the target machine, as tweaking software can also be remotely run. Intel put out security advisory SA-00298 and is working with motherboard vendors and OEMs to release BIOS updates that pack a new microcode with a mitigation against this vulnerability. The research paper can be read here.

NETGEAR Expands the Orbi Family with New Dual Band Mesh System- Slim and Sleek Design with Powerful WiFi

NETGEAR, the leading provider of performance mesh WiFi networking systems, is today introducing the latest addition to the popular Orbi Whole Home WiFi System. This new Orbi Dual Band Mesh WiFi System (RBK13) which consists of one router and one or more satellites is best suited to cover a medium to large sized home from 3,000 sq. ft. or higher to provide reliable WiFi for streaming and gaming. This new Orbi Mesh WiFi offering also features NETGEAR Armor cybersecurity to keep your home safe from online threats and Circle Smart Parental Controls to manage screen time.

The latest addition to the Orbi Whole Home WiFi System product family combines performance with style delivering combined speeds up to 1.2 Gbps for households with a large number of internet-connected devices. The new compact and modern design will blend subtly with a home's décor inconspicuously sitting on a shelf, counter or entertainment center. The setup is made easy and completed in minutes through the Orbi app from your Android or iOS mobile device, which also enables management of the home WiFi. Orbi works with either Amazon Alexa or Google Assistant enabling voice management of frequently used functions like enabling guest WiFi.

A Case for Windows Defender: Triad of Perfect Scores in AV-Test

Here's a strange thing: a case for a free, bundled software solution being better (in the metrics concerned and evaluated) than paid, third-party counterparts. We're writing of none other than Microsoft's own Windows Defender suite, which is bundled with Windows and offers a security solution integrated into your OS. While the "paid is always better" philosophy has been proven wrong time and again and isn't that much of a powerhouse behind users' thought process anymore, the fact is that Windows Defender has somewhat been taken for granted as an "undesirability" in users' computers. However, a comparison made by AV-Test, which pits many of the available cybersecurity solutions available on the market, has found Microsoft's Windows Defender to be worthy of a triad of perfect scores.

The results for Windows Defender include perfect (6.0) scores in the "Protection", "Performance" and Usability" categories. The testing period refers to May through June of this year, and only F-Secure SAFE 17, Kaspersky Internet Security 19 and Norton Security 22.17 managed to get the same perfect scores as Windows Defender Version 4.18. Check out the link for the score of your cybersecurity solution of choice. But it's clear that least where this period is concerned, Windows Defender walked circles around some paid solutions.

NETGEAR Delivers Advanced Network Protection With New Nighthawk Cybersecurity WiFi Router

NETGEAR , Inc. (NASDAQ:NTGR), the leading provider of networking devices that connect smart homes and small businesses to the world, today announced the availability of a new router designed to keep your network secure from online threats, the Nighthawk Cybersecurity AC2300 WiFi Router (RS400). With three years of NETGEAR Armor powered by Bitdefender included, the RS400 is well-matched to provide the best-in-class anti-virus, anti-malware, and data protection for an unlimited number of devices on your network including PCs, laptops, mobile devices, IoT and Smart Home.

Unlike software applications that are installed on laptops or smartphones, the Nighthawk Cybersecurity WiFi Router is designed to provide protection for all the connected devices on your network including vulnerable IoT smart home products. Given that the router directs all incoming and outgoing internet traffic on the network, the router becomes the first line of defense for the connected home. In addition to scanning incoming traffic for security risks, the RS400 also monitors for and can intercept rogue traffic generated from a device, in the event that a device has been hijacked.

NETGEAR Announces Its Armor Cyber Threat Protector in Partnership With Bitdefender

NETGEAR Armor on your Orbi Mesh WiFi Systems is a cybersecurity solution that protects all internet-connected devices in your home from viruses, malware, stolen passwords, identity theft and hacking, whether you're at home or on the go. Many people already have some type of anti-virus software loaded onto their home computers. However, this is often not effective enough for the cyber threats in today's environment. In fact, according to research, 146 billion records of personal information, such as credit card information or national identification / social security numbers, are expected to be stolen by cybercriminals between 2018 to 2023.

Crypto Exchange Head Takes $137 million Cold Wallet Key to his Grave

In a classic case of why businesses should have disaster mitigation plans in place, Vancouver-based crypto-currency exchange QuadrigaCX has potentially lost USD $137 million in assets (customers' money), after its founder's death. Founder and director Gerry Cotten had stored the money in an offline cold wallet on an encrypted laptop and committed its password to memory. In December, Cotten died overseas of Crohn's disease, leaving the company with no other handwritten record of the laptop's password.

Crypto exchanges tend to store assets in cold wallets either on offline computers or plain paper, to avoid the wallets getting stolen on hacked online computers. The company has hired cybersecurity firms to try and decrypt the laptop to no success thus far. Cotten's widow Jennifer Robertson in a sworn affidavit to a court said that she had not found any traces of the password in their residence despite repeated and thorough searches. QuadrigaCX in addition to the $137 million under management, also holds $53 million in disputed assets.

Fortnite is Being used as a Money Laundering Venue

The Independent has conducted an investigative report into the underwold's usage of Fortnite as a venue for money laundering. This likely won't come as a surprise - Fortnite has pretty lax acquisition restrictions for its in-game content and V-bucks, and the world's most popular multiplayer game moves millions of players through its servers daily. with such a deep pool of likely buyers for anything Fortnite at under Fortnite-store pricing, the stage is set for an almost untraceable money laundering scheme.

Touring NETGEAR at CES 2019: Wi-Fi 6 Takes Center Stage!

The gift that is CES keeps on giving! We go over the NETGEAR suite, and it was more of an entire floor, in this article with the company showing off their involvement in every networking sector imaginable- the professional environment, consumer and retail networking solutions, and smart home devices. Indeed, stepping off the elevator itself led to a hallway lined with Meural canvasses, which are very well built frames that have an integrated display to show off images of your choosing. This public hallway had generation 2.0 canvasses, with the new-for-CES generation 3.0 series inside the show room that encompasses four different frame options in two different sizes- the currently available 27" version, and the newer 21.5" size for those wanting something smaller.

Meural canvasses can be used in landscape or portrait configurations, and supports a library of over 30,000 curated art images at an optional membership cost of $49.95/year. The new generation is available from August 2019, with the new screens having a wider color gamut and a truer-to-life display, that was impressive. These are definitely for a niche audience, however, but I can appreciate NETGEAR wanting to provide more use cases for their networking solutions. The current Gen 2.0 27" canvas starts at $595 (dimensions with the frame are larger than 27"), and an optional pivoting stand with more display I/O options is an additional $49.95 for when you want to have your own images connected to it. For the rest of the tour, be sure to read past the break!

ASUS Z390 Motherboards Automatically Push Software into Your Windows Installation

During testing for our Intel Core i9-9900K review we found out that new ASUS Z390 motherboards automatically install software and drivers to your Windows 10 System, without the need for network access, and without any user knowledge or confirmation. This process happens in complete network-isolation (i.e. the machine has no Internet or LAN access). Our Windows 10 image is based on Windows 10 April 2018 Update and lacks in-built drivers for the integrated network controllers.

Upon first boot, with the machine having no LAN or Internet connectivity, we were greeted by an ASUS-specific window in the bottom right corner of our screen, asking whether we'd like to install the network drivers and download "Armoury Crate". This got us curious and we scanned the system for any files that aren't part of the standard MS Windows installation. We discovered three ASUS-signed files in our Windows 10 System32 folder, which, so it seems, magically appeared on our harddrive out of thin air. Upon further investigation we also found a new, already running, system service called "AsusUpdateCheck."

Chinese Government Allegedly Used Supermicro Motherboards to Spy on US Enterprises

In a development that underlines the national security necessity of moving electronics manufacturing out of China, server motherboards made by Supermicro in China, have been found to carry a "spy chip." This startling development is the result of a secret 2015 US Government investigation unearthed by Bloomberg. The Chinese government has allegedly been using hardware-based spyware in Supermicro motherboards that are manufactured in China; to spy on major American enterprises, including (but not limited to) Amazon Web Services and Apple, among others, who use Supermicro motherboards in their data-centers. The level of surveillance includes attempts to steal trade-secrets and intellectual property.

Fearing loss in business, affected cloud-computing providers, including AWS and Apple, have each posted strong denials that their hardware infrastructure is vulnerable to foreign government surveillance. Apple stated: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

Intel Gags Customers from Publishing Performance Impact of Microcode Updates

Much of the secret sauce that made Intel processors faster than AMD is going sour, as the cybersecurity community is finding gaping security vulnerabilities by exploiting features such as speculative execution. Intel's microcode updates that mitigate these vulnerabilities impact performance. Intel isn't too happy about public performance numbers put out by its customers, which it fears could blunt the competitive edge of its products. The company has hence updated the license terms governing the microcode update distribution to explicitly forbid its users from publishing comparative "before/after" performance numbers of patched processors.

The updated license for the microcode update has this controversial sentence (pay attention to "v"):
"You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results."

Kaspersky Labs Warns Against Cryptocurrency Social Engineering Schemes

The cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cyber-criminals. To achieve their nefarious goals they typically use classical phishing techniques, however these often go beyond the 'ordinary' scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.

Intel Announces iGPU-accelerated Threat Detection Technology

Today, Intel is taking another step forward, with two new technology announcements: Intel Threat Detection Technology (Intel TDT), a set of silicon-level capabilities that will help the ecosystem detect new classes of threats, and Intel Security Essentials, a framework that standardizes the built-in security features across Intel processors. We are also announcing a strengthened academic partnership with Purdue University, to help accelerate the development and availability of cybersecurity talent.

Intel Threat Detection Technology leverages silicon-level telemetry and functionality to help our industry partners improve the detection of advanced cyberthreats and exploits. Today we are announcing the first two Intel Threat Detection Technology capabilities, including implementation plans by Microsoft and Cisco.

The first new capability is Accelerated Memory Scanning. Current scanning technologies can detect system memory-based cyberattacks, but at the cost of CPU performance. With Accelerated Memory Scanning, the scanning is handled by Intel's integrated graphics processor, enabling more scanning, while reducing the impact on performance and power consumption. Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent.

DARPA Believes the Future of Security to be in Additional Processing Hardware

DARPA seems to be taking to heart engineer and cyber-security experts' opinions that hardware-based security would be the best security. The Defense Advanced Research Agency (DARPA), which has appeared in every other sci-fi war movie, has started its System Security Integrated through Hardware and Firmware (SSITH) program, with an initial kick worth $3.6 million to the University of Michigan. The objective? To develop "unhackable" systems, with hardware-based security solutions that become impervious to most software exploits.

Electrical Engineering and Computer Science (EECS) of the University of Michigan Professor Todd Austin, lead researcher on the project, says his team's approach, currently code-named Morpheus, achieves hack-proof hardware by "changing the internal codes once a second". Austin likens Morpheus' defenses to requiring a would-be attacker to solve a new Rubik's Cube every second to crack the chip's security. In this way, the architecture should provide the maximum possible protection against intrusions, including hacks that exploit zero-day vulnerabilities, or those that cybersecurity experts have yet to discover. Morpheus thereby provides a future-proof solution, Austin said. "This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software," SSITH program manager Linton Salmon of the Agency's Microsystems Technology Office.

Weekend Reading 101: On Ransomware's Chains and Carbon Black's Report

Carbon Black, a cybersecurity company that's been founded by former members of the U.S. government's elite team of offensive security hackers, has released a report detailing the continued rise of ransomware's impact, which served as the fire-starter for this piece. Carbon Black's Threat Analysis Unit (TAU) has found that ransomware is an increasingly prolific economical entity, bolstered by a 2,502% increase in sales in the dark web. As with every activity, legal or illegal, the economic footprint follows profit; and in ransomware's case, it's estimated it has yielded around $1 billion just this year. Ransomware even has the advantage of not requiring specialized computer skills, and can be quickly and brainlessly deployed in search of a quick buck.

Carbon Black reports that there are currently more than 6,300 ransomware marketplaces in the dark web, with over 45,000 different product listings, which range in price from $0.5 to $3K (the median price for a DIY ransomware package stands at roughly $10.5). Ransomware sellers are taking advantage of this burgeoning, "quick buck at anyone's expense" reasoning: some ransomware sellers are earning more than six figures yearly, sometimes even more than legitimate software companies. It's no surprise, however that the report points to technologies such as Bitcoin and the Tor network as being two of the most important enablers in this ransomware explosion, besides making it much more difficult for law enforcement agencies to, well, enforce the perpetrators.
To our Forum Dwellers: this piece is marked as an Editorial

Petya/NotPetya: The Ransomware That Wasn't Actually Looking to Ransom Anything

You've heard of the Petya ransomware by now. The surge, which hit around 64 countries by June 27th, infected an estimated 12,500 computers in Ukraine alone, hitting several critical infrastructures in the country (just goes to show how vulnerable our connected systems are, really.) The number one hit country was indeed Ukraine, but the wave expanded to the Russian Federation, Poland, and eventually hit the USA (the joys of globalization, uh?) But now, some interesting details on the purported ransomware attack have come to light, which shed some mystery over the entire endeavor. Could it be that Petya (which is actually being referred to as NotPetya/SortaPetya/Petna as well, for your reference, since it mostly masquerades as that well-known ransomware) wasn't really a ransomware attack?

Intel and TPG to Set Up McAfee as an Independent Company Valued at $4.2 Billion

Intel Corporation and TPG today announced a definitive agreement under which the two parties will establish a newly formed, jointly-owned, independent cybersecurity company. The new company will be called McAfee following transaction close. TPG will own 51 percent of McAfee and Intel will own 49 percent in a transaction valuing the business at approximately $4.2 billion. TPG is making a $1.1 billion equity investment to help drive growth and enhance focus as a standalone business.

Through this transaction, TPG, a leading global alternative asset firm with demonstrated expertise in growing profitable software companies and carve-out investments, and Intel, a global technology leader that powers the cloud and billions of smart, connected computing devices, will work together to position McAfee as a strong independent company with access to significant financial, operational and technology resources. With the new investment from TPG and continued strategic backing of Intel, the new entity is expected to capitalize on significant global growth opportunities through greater focus and targeted investment.

Microsoft Unveils state-of-the-art Cybercrime Center

Microsoft Corp. on Thursday announced the opening of the Microsoft Cybercrime Center, a center of excellence for advancing the global fight against cybercrime. The Cybercrime Center combines Microsoft's legal and technical expertise as well as cutting-edge tools and technology with cross-industry expertise, marking a new era in effectively fighting crime on the Internet.

Each year, cybercrime takes a personal and financial toll on millions of consumers around the globe. The Cybercrime Center will tackle online crimes, including those associated with malware, botnets, intellectual property theft and technology-facilitated child exploitation. The work done at the Cybercrime Center will help ensure that people worldwide can use their computing devices and services with confidence.
Return to Keyword Browsing