Category Archives: intel chipset

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised.Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be

New ZombieLoad v2 Attack Affects Intel’s Latest Cascade Lake CPUs

Zombieload is back.This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer.Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff

SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs

A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices.After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and

Researchers Implant “Protected” Malware On Intel SGX Enclaves

Cybersecurity researchers have discovered a way to hide malicious code in Intel SGX enclaves, a hardware-based memory encryption feature in modern processors that isolates sensitive code and data to protect it from disclosure or modification.In other words, the technique allows attackers to implant malware code in a secure memory that uses protection features of SGX which are otherwise

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

2018 has been quite a tough year for Intel.While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks.Dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF, the new attacks include

Two New Spectre-Class CPU Flaws Discovered—Intel Pays $100K Bounty

Intel has paid out a $100,000 bug bounty for new processor vulnerabilities that are related to Spectre variant one (CVE-2017-5753).The new Spectre-class variants are tracked as Spectre 1.1 (CVE-2018-3693) and Spectre 1.2, of which Spectre 1.1 described as a bounds-check bypass store attack has been considered as more dangerous.Earlier this year, Google Project Zero researchers disclosed

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks.Introduced in 2002, Hyper-threading is Intel's implementation of Simultaneous Multi-Threading (SMT) that allows the operating system to use a virtual core for each physical core present in processors