Security News
IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability. On Thursday IBM published a security advisory that explains, "IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances."
"In a nutshell, Microsoft is handing over a processor design, with the firmware, to our three biggest silicon providers for the PC ecosystem. And we think this is really going to raise the fundamental security bar almost immediately, both for consumers and enterprises. This is something across the board that is just going to be part and parcel of our products, and really push us forward into the next years in terms of what security looks like," Microsoft's partner director of enterprise and OS security David Weston told TechRepublic. "You can turn off Pluton and go with a conventional TPM. There will be some RFPs that say, 'to get onto this secret network you've got to have this', and there are different geographies across the world where they have a specific security process that they expect. Pluton keeps its security capabilities, and it manages its own when it's enabled, but it can definitely work in concert with other security processors or it can be turned off, and that choice is something we explicitly designed in."
Apple this week unveiled its new M1 chip and the company has provided a brief description of its security features. The tech giant told SecurityWeek that it will detail the M1's security features in the coming weeks.
Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.
Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.
One such feature is called Intel Total Memory Encryption, which Intel said helps ensure that all memory accessed from the CPU is encrypted - such as customer credentials, encryption keys and other IP or personal information on the external memory bus. The Intel Platform Firmware Resilience will be part of the Xeon Scalable platform, which Intel claims will help protect against platform firmware attacks by detecting them before they can compromise or disable the machine.
Apple's T2 security chip is insecure and cannot be fixed, a group of security researchers report. Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.
OpenFive along with AnalogX announced a complete sub-system solution and implementation for Chip-to-Chip interface with ultra-low latency and power. Interlaken IP supports from 1 up to 48 SerDes lanes with up to 112G SerDes rates, providing a scalable interface that offers end-to-end reliability using optional re-transmission and flow control mechanisms.
A researcher is claiming that Apple devices - with a macOS operating system and a T2 security chip - are open to an exploit that could give bad actors root access. The flaw stems from the T2 chip, which is the second-generation version of Apple's chip that provides bolstered security - including securing its Touch ID feature, as well as providing the foundation for encrypted storage and secure boot capabilities.
Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment. Huawei insists the vulnerabilities were not introduced by its HiSilicon chips nor the SDK code it provides to manufacturers that use its components.