News Posts matching "vulnerability"

Return to Keyword Browsing

Skyfall and Solace Could be the First Attacks Based on Meltdown and Spectre?

Out of the blue, a website popped up titled "Skyfall and Solace," which describes itself as two of the first attacks that exploit the Spectre and Meltdown vulnerabilities (it doesn't detail which attack exploits what vulnerability). A whois lookup reveals that the person(s) behind this website may not be the same one(s) behind the Spectre and Meltdown website. The elephant in the room, of course, is that the two attacks are named after "James Bond" films "Skyfall" and "Quantum of Solace." The website's only piece of text ends with "Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches," and that one should "watch this space for more." We doubt the credibility of this threat. Anyone who has designed attacks that exploit known vulnerabilities won't enter embargoes with "chip manufacturers and operating system vendors" who have already developed mitigation to the vulnerabilities.

AMD Is Served: Class Action Lawsuit Launched Over Spectre Vulnerabilities

Despite the grunt of the media's attention and overall customer rage having been thrown largely at Intel, AMD hasn't moved past the Spectre/Meltdown well, meltdown, unscathed. News has surfaced that at least two law firms have announced their intention of filing a class action lawsuit against AMD, accusing the company of not having disclosed their products' Spectre vulnerability, despite knowledge of said vulnerabilities.

AMD stated loud and clear that their processors weren't affected by the Meltdown flaw. However, regarding Spectre, AMD's terms weren't as clear cut. The company stated that its CPUs were vulnerable to the Spectre 1 flaw (patchable at a OS level), but said that vulnerability to Spectre 2's variant had "near-zero risk of exploitation". At the same time, the company also said that "GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors", adding that "While we believe that AMD's processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat.

Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users

A Malwarebytes report calls attention to the latest occurrence in the inevitable trend that that ensues a particular security vulnerability being given coverage by the media. As users' attention to the vulnerability is heightened, so is their search for a solution, for a way to reduce the risk of exposition. Hence, users search for patches; and hence, some fake patches surface that take advantage of the more distracted, or less informed, of those who really just want to be left at peace.

Case in point: Malwarebytes has identified a recently-registered domain that is particularly targeting German users (remember: you can be next; it's just a matter of Google translating the page for it be targeting you as well). The website is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors, and is affiliated with the German Federal Office for Information Security (BSI) - all good, right?

Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit

Another week, yet another security bulletin in tech news, with yet another vulnerability that joins the fray of both Intel's meltdown and Western Digital's MyCloud hacks. A team of researchers recently wrote a paper they titled "Return Of Bleichenbacher's Oracle Threat (ROBOT)". This paper went on to show how a well-known, circa 1998 exploit is still a viable way to take advantage of websites of even big name companies and services, such as Facebook and PayPal (in total, around 2.8% of the top 1 million sites also tested positive). The ROBOT exploit, a critical, 19-year-old vulnerability that allows attackers to decrypt encrypted data and sign communications using compromised sites' secret encryption key, is still valid. Only, it's 19 years later.

The heart of the issue stems from a vulnerability that was discovered in 1998 by researcher Daniel Bleichenbacher, who found the vulnerability in the TLS predecessor known as secure sockets layer. The attack is dubbed an Oracle threat because attackers can write specialized queries to which the websites and affected systems respond with "Yes" or "No"; as such, it's possible, given enough time, for attackers to build up the amount of disclosed sensitive information and get a clear picture of the protected data. To the flaw's discovery by Bleichenbacher, SSL architects apparently responded in a B-movie type of way, which nevertheless might have been needed to keep all systems green: by designing workarounds on top of workarounds, rather than removing or rewriting the faulty RSA algorithm.

NVIDIA Releases GeForce 390.65 WHQL Drivers

NVIDIA today released GeForce 390.65 WHQL drivers. These drivers come game-ready for "Fortnite," including support for ShadowPlay Highlights in the "Battle Royale" mode of the game. The drivers also introduce NVIDIA Freestyle technology, which lets you apply custom post-processing effects for your game, or choose from several included post-FX filters. More importantly, the drivers introduce security updates against "Spectre" variant 2 (CVE-2017-5753) vulnerability. The drivers also provide pop-up notifications when an external GPU is connected or disconnected. Grab the drivers from the link below.
DOWNLOAD: NVIDIA GeForce 390.65 WHQL

Western Digital Ships "Someone's Backdoor" With My Cloud Drives

Western Digital has seemingly been shipping their My Cloud personal network attached storage solutions with an integrated backdoor. It's not really that complicated a backdoor either - a malicious user should always be able to use it. That stems from the fact that it's a hard coded backdoor with unchangeable credentials - logging in to someone's My Cloud is as simple as inputing "mydlinkBRionyg" as the Administrator username and "abc12345cba" as the respective password. Once logged in, shell access is unlocked, which allows for easy injection of commands.

The backdoor has been published by James Bercegay, with GulfTech Research and Development, and was disclosed to Western Digital on June 12th 2017. However, since more than 6 months have passed with no patch or solution having been deployed, the researchers disclosed and published the vulnerability, which should (should) finally prompt WD to action on fixing the issue. Making things even worse, no user action is required to enable attackers to take advantage of the exploit - simply visiting malicious websites can leave the drives wide open for exploit - and the outing of a Metasploit module for this very vulnerability means that the code is now out there, and Western Digital has a race in its hands. The thing is, it needn't have.

Intel Braces for an Avalanche of Class Action Lawsuits

Following reports of Intel's gross mishandling of its CPU vulnerabilities Spectre (CVE-2017-5753 and CVE-2017-5715), and Meltdown (CVE-2017-5754); particularly its decision to not call off 8th generation Core "Coffee Lake" processor launch after learning of its vulnerability; and a general barrage of "false marketing" allegations, with a dash of "insider trading" allegations added to the mix, the company is bracing for an avalanche of class-action lawsuits in the US, and similar legal action around the world.

Owners of Intel CPU-based computers in California, Oregon, and Indiana, have filed separate complaints alleging that Intel sold vulnerable processors even after the discovery of Meltdown and Spectre; that the chips being sold were "inherently faulty," and that patches that fix them are both an "inadequate response to the problem," and "hurt performance" (false marketing about performance), by 5 to 30 percent. All three complainants are in the process of building Classes.

Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown

By the time Intel launched its 8th generation Core "Coffee Lake" desktop processor family (September 25, 2017, with October 5 availability), the company was fully aware that the product it is releasing was vulnerable to the three vulnerabilities plaguing its processors today, the two more publicized of which, are "Spectre" and "Meltdown." Google Project Zero teams published their findings on three key vulnerabilities, Spectre (CVE-2017-5753 and CVE-2017-5715); and Meltdown (CVE-2017-5754) in mid-2017, shared with hardware manufacturers under embargo; well before Intel launched "Coffee Lake." Their findings were made public on January 3, 2018.

Intel's engineers would have had sufficient time to understand the severity of the vulnerability, as "Coffee Lake" is essentially the same micro-architecture as "Kaby Lake" and "Skylake." As one security researcher puts it, this could affect Intel's liability when 8th generation Core processor customers decide on a class-action lawsuit. As if that wasn't worse, "Skylake" and later micro-architectures could require micro-code updates in addition to OS kernel patches to work around the vulnerabilities. The three micro-architectures are expected to face a performance-hit, despite Intel extracting colorful statements from its main cloud-computing customers that performance isn't affected "in the real-world." The company was also well aware of Spectre and Meltdown before its CEO dumped $22 million in company stock and options (while investors and the SEC were unaware of the vulnerabilities).

Intel Aware of CPU Flaws Before CEO Brian Krzanich Planned $24M Stock Sale

The news and details on Intel's most recent chip flaw have been coming in almost faster than news outlets can put them out, and it just seems that the company is going through a phase where news are seldom good. New information has come to light that paint Intel CEO's Brian Krzanich's sale of $24M worth of stocks in November 24th in a negative spotlight, euphemisms be allowed. We (meaning, this editor) previously dismissed the share sale as a pre-planned event that didn't show any kind of shady wrongdoing in the face of news breaking out regarding Intel's VM security flaw. However, it seems as if it pays off to be negative rather than positive in the world at large, and the skeptic in me is saying "serves you right".

AMD Updates on AMD Processor Security Status

There has been recent press coverage regarding a potential security issue related to modern microprocessors and speculative execution. Information security is a priority at AMD, and our security architects follow the technology ecosystem closely for new threats. It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:
  • The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.
  • The described threat has not been seen in the public domain.

Dear Intel, If a Glaring Exploit Affects Intel CPUs and Not AMD, It's a Flaw

Intel tried desperately in a press note late Wednesday to brush aside allegations that the recent hardware security-vulnerability are a "bug" or a "flaw," and that the media is exaggerating the issue, notwithstanding the facts that the vulnerability only affects Intel x86 processors and not AMD x86 processors (despite the attempt to make it appear in the press-release as if the vulnerability is widespread among other CPU vendors such as AMD and ARM by simply throwing their brand names into the text); notwithstanding the fact that Intel, Linux kernel lead developers with questionable intentions, and other OS vendors such as Microsoft are keeping their correspondence under embargoes and their Linux kernel update mechanism is less than transparent; notwithstanding the fact that Intel shares are on a slump at the expense of AMD and NVIDIA shares, and CEO Brian Kraznich sold a lot of Intel stock while Intel was secretly firefighting this issue.

The exploits, titled "Meltdown," is rather glaring to be a simple vulnerability, and is described by the people who discovered it, as a bug. Apparently, it lets software running on one virtual machine (VM) access data of another VM, which hits at the very foundations of cloud-computing (integrity and security of virtual machines), and keeps customers wanting cost-effective cloud services at bay. It critically affects the very business models of Amazon, Google, Microsoft, and Alibaba, some of the world's largest cloud computing providers; and strikes at the economics of choosing Intel processors over AMD, in cloud-computing data centers, since the software patches that mitigate the vulnerability, if implemented ethically, significantly reduce performance of machines running Intel processors and not machines running AMD processors (that don't require the patch in the first place). You can read Intel's goalpost-shifting masterpiece after the break.

AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

Intel is secretly firefighting a major hardware security vulnerability affecting its entire x86 processor lineup. The hardware-level vulnerability allows unauthorized memory access between two virtual machines (VMs) running on a physical machine, due to Intel's flawed implementation of its hardware-level virtualization instruction sets. OS kernel-level software patches to mitigate this vulnerability, come at huge performance costs that strike at the very economics of choosing Intel processors in large-scale datacenters and cloud-computing providers, over processors from AMD. Ryzen, Opteron, and EPYC processors are inherently immune to this vulnerability, yet the kernel patches seem to impact performance of both AMD and Intel processors.

Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.

Intel Secretly Firefighting a Major CPU Bug Affecting Datacenters?

There are ominous signs that Intel may be secretly fixing a major security vulnerability affecting its processors, which threatens to severely damage its brand equity among datacenter and cloud-computing customers. The vulnerability lets users of a virtual machine (VM) access data of another VM on the same physical machine (a memory leak). Amazon, Google, and Microsoft are among the big three cloud providers affected by this vulnerability, and Intel is reportedly in embargoed communications with engineers from the three, to release a software patch that fixes the bug. Trouble is, the patch inflicts an unavoidable performance penalty ranging between 30-35%, impacting the economics of using Intel processors versus AMD ones.

Signs of Intel secretly fixing the bug surfaced with rapid changes to the Linux kernel without proper public-visibility of the documentation. The bulk of the changes involve "kernel page table isolation," a feature that prevents VMs from reading each other's data, but at performance costs. Developers note that these changes are being introduced "very fast" by Linux kernel update standards, and even being backported to older kernel versions (something that's extremely rare). Since this is a hardware vulnerability, Linux isn't the only vulnerable software platform. Microsoft has been working on a Windows kernel patch for this issue since November 2017. AMD x86 processors (such as Opteron, Ryzen, EPYC, etc.,) are immune to this vulnerability.

HP Laptops Shipped with Hidden Keylogger

Michael Myng, more commonly known as ZwClose, was approached by a friend to look into the possibility of controlling the keyboard's backlighting on his HP laptop. Michael was down for the challenge, and his friend sent the Synaptics SynTP.sys file over to him. After analyzing the keyboard driver, he found the sleeping keylogger. The logging function is disabled by default. However, intruders can enable it easily by modifying the registry value through malicious code. Michael reported the issue to HP, and the company released a list of the affected laptop models along with a security patch. The list contains over 400 models from HP's most popular product lines like the EliteBook, ProBook, ZBook, Spectre Pro, ENVY, Pavilion, OMEN - just mention a few. Now that the vulnerability is public, we urge HP laptop owners to install the security patch ASAP. The fix is also available on Windows Update if that's your preferred method.

WannaCry: Its Origins, and Why Future Attacks may be Worse

WannaCry, the Cryptographic Ransomware that encrypted entire PCs and then demanded payment via Bitcoin to unlock them, is actually not a new piece of technology. Ransomware of this type has existed nearly as long as the cryptocurrency Bitcoin has. What made headlines was the pace with which it spread and the level of damage it caused to several facilities dependent on old, seldom-updated software (Hospitals, for example). It's not a stretch to say this may be the first cyberattack directly attributable to a civilian death, though that has not been concluded yet as we are still waiting for the dust to settle. What is clear however is WHY it spread so quickly, and it's quite simple really: Many users don't have their PCs up to date.

Google Project Zero Finds Windows Vulnerabilty, "Worst in Recent Memory"

Google's Project Zero has found yet another critical Windows Vulnerability, this time going so far as to call it "Crazy Bad" in a lone tweet by Google security researcher Tavis Ormandy. Tavis went on to elaborate that the vulnerability "works against a default install, [you] don't need to be on the same LAN, and it's wormable."

Sounds like the stuff of nightmares from a security perspective, right? The good news is Google's policy is to give companies 90 days to patch bugs like this before revealing the exploits details. The idea is to pressure developers to fix vulnerabilities before the reveal, so users remain protected and companies are forced to act rather than adopt a "wait and see" approach. Microsoft however, does not have the best follow-up reputation, having left at least two major security bugs unpatched for the entire 90-day security-flaw reveal window as recently as this year.

Intel Patches Remote Execution Flaw on Its CPUs - Active Since 2008

A bug in Intel's AMT (Active Management Technology), ISM (Standard Manageability) and SBT (Small Business Technology) firmware versions 6 to 11.6 sits unpatched since 2008 - a bug which allows "an unprivileged attacker to gain control of the manageability features provided by these products." Potentially, this could have led systems to be exploited for remote control and spyware infection (and maybe it did lead to that, and we just don't know about it.) Through this flaw, hackers could log into a vulnerable computer's hardware - outside the security features of the OS and any anti-virus suites - and silently install malware and other thriving pieces of malevolent coding. AMT having direct access to the computer's network hardware ensures this could have been done outside of local tampering. The vulnerable AMT service is part of Intel's vPro suite of processor features, so it's catering more to businesses and server boxes than for the usual consumer-based products - though we all know some hardware enthusiast's usage of this kind of processors in their personal rigs. If you don't have vPro or AMT present at all, you are in the clear. However, some outlets report that Intel systems are vulnerable to direct hardware access even if their AMT, ISM, or SBT implementations aren't provisioned - it's just the network access that doesn't work.

These insecure management features have been available in various Intel chipsets for nearly a decade, starting with the Nehalem Core i7 in 2008, all the way up to this year's Kaby Lake Core parts. Luckily, this "feature", which is present in millions of Intel chips and potentially provides a "backdoor-esque" entry point to equal millions of systems, appears to be able to be addressed through a microcode update. However, this update will have to be pushed by your system manufacturer, and you can probably begin to imagine by now how such a process will linger on, and how hard it will be for this to happen to every affected system.

Intel's Skylake and Kaby Lake-based Systems Vulnerable to USB Exploit

At this year's CCC hacker congress, researchers from Positive Technologies have released information, which documents vulnerabilities in Intel's Skylake and Kaby Lake series processors' handling of USB 3.0-based debugging - which could be used to attack, corrupt, and even subvert a user's system.

This vulnerability allows attackers to bypass typical security mechanisms - both at the hardware and at the OS level - by using a new debugging interface, which could allow them to install malware and/or rewrite the system's firmware and BIOS. The exploit is currently undetectable using existing security tools, and according to the researchers, this mechanism can be used on a hacked system regardless of the OS installed.

NVIDIA's GeForce 376.33 WHQL Drivers Fix Multiple Kernel Faults; Update ASAP

If you're one of those people who doesn't regularly update their graphics card drivers, and you're rocking an NVIDIA graphics card, you really should update your drivers to the latest WHQL version, 376.33. The release notes and a security bulletin issued by the company point towards the fixing of multiple detected kernel layer (nvlddmkm.sys) vulnerabilities in NVIDIA's previous driver releases, which could "Lead to a Denial of Service, Escalation of Privileges, or Both".

In total, there are seven reported vulnerabilities as having been fixed, with NVIDIA acknowledging contributions in the issues' detection from engineers with Google Project Zero and Cisco Talos.

Major Intel NUC Security Vulnerability Uncovered

A major security vulnerability got uncovered, affecting Intel NUC (next-unit of computing) compact system boards featuring 5th and 6th generation Core processors. It involves a BIOS-level security hole, with which an attacker with local administrative privileges can make their malware access the "system management mode," a special BIOS-level user-state, and take full control of the platform.

Intel has since released corrective BIOS updates for its 6th generation "Swift Canyon," 6th generation "Grass Canyon" and "Pinnacle Canyon" boards; and 5th generation "Rock Canyon" boards. Even the performance-oriented "Skull Canyon" NUC, which features Intel's powerful onboard graphics core, isn't spared from this vulnerability. The latest BIOS update can be installed on affected platforms using the Intel Driver Update Utility.

Epic Games Forums Hacked; Over 800,000 Passwords Stolen

The official discussion board for Epic Games, frequented by developers and gamers of Unreal Engine, "Unreal Tournament," and soon "Paragon," was hacked, exposing dates of birth, IP addresses, registration dates, registration e-mail addresses, and allegedly passwords, of over 800,000 users, reports The Hacker News. The hackers reportedly got their hands on the data by exploiting a vulnerability in the outdated version of vBulletin that Epic Games uses.

Epic Games, however, denies that the hackers got their hands on passwords. "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext," the company stated. ZDNet reports that a larger portion of the vBulletin database, which includes user posts and private-messages, could also have been stolen.

ASUS Settles FTC Charges Involving Insecure Routers and "Cloud" Services

The FTC posted this press release today: Taiwan-based computer hardware maker ASUSTeK Computer, Inc. has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers' insecure "cloud" services led to the compromise of thousands of consumers' connected storage devices, exposing their sensitive personal information on the internet. The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

"The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks," said Jessica Rich, Director of the FTC's Bureau of Consumer Protection. "Routers play a key role in securing those home networks, so it's critical that companies like ASUS put reasonable security in place to protect consumers and their personal information."

ASUS marketed its routers as including numerous security features that the company claimed could "protect computers from any unauthorized access, hacking, and virus attacks" and "protect [the] local network against attacks from hackers." Despite these claims, the FTC's complaint alleges that ASUS didn't take reasonable steps to secure the software on its routers.

Microsoft to Roll Out Four Security Updates Next Week

The first Patch Tuesday of 2014 is less than a week away and it will see Microsoft deliver four updates, all rated 'Important', that tackle vulnerabilities found in Windows, Office, and Dynamics AX.

One of the updates is set to resolve a previously-acknowledged elevation of privilege vulnerability that affects Windows XP and Windows Server 2003 and has already seen limited, targeted attacks. The patches will become available this coming Tuesday, January 14, at about 10:00 AM PST.

For a bit more info check out the Advance Notification found here.

NVIDIA Posts GeForce 310.90 WHQL Drivers

NVIDIA closed its Sunday launch extravaganza by posting a new version of its GeForce software suite, a combination of drivers and software for its GeForce graphics processors. The new GeForce 310.90 introduces a much-needed security update for its driver service manager that patches a recently-discovered vulnerability. In addition, it brings improved stability and performance for the dual-GPU GeForce GTX 690, in 3D production applications. SLI profiles are added or updated for several games.

DOWNLOAD: NVIDIA GeForce 310.90 WHQL for Windows 8/7/Vista 64-bit, Windows 8/7/Vista 32-bit, Windows XP 32-bit, Windows XP 64-bit

The change-log specific to this release follows.

Apple Invites Kaspersky to Improve OS X Security

Weeks after security mogul Eugene Kaspersky opined that Apple is "10 years behind Microsoft on security," Kaspersky Lab revealed that it is collaborating with Apple to investigate security concerns (read: vulnerabilities) of its operating systems, and improve its security. Kaspersky Lab CTO Nikolai Grebennikov in an interview with Computing.co.uk was quoted saying "Apple recently invited us to improve its security."

Kaspersky Lab maintains that Apple's software is extremely vulnerable, going as far as to claim that Apple doesn't pay enough attention to security. "Our first investigations show Apple doesn't pay enough attention to security. For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago," said Grebennikov. Apple's decision to handle updates of Java runtime environment for OS X by itself, breaking away from Oracle's update cycle, particularly drew flack from Grebennikov. "Apple blocked Oracle from updating Java on Mac OS, and they perform all the udpates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That's far too long," he said. Kaspersky isn't too optimistic about the infinitely more popular iOS platform, either. "Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS," it commented.
Return to Keyword Browsing