Security News

Multiple security weaknesses have been disclosed in MediaTek system-on-chips that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "Massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese company's audio digital signal processor unit by Israeli cybersecurity firm Check Point Research, ultimately finding that by stringing them together with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.

Researchers shed light on hidden root CAsHow widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits. How to achieve permanent server hardening through automationInformation security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber intrusions.

Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device. This vulnerability, identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel Atom, Celeron, and Pentium chips that were made in the past few years.

Researchers uncovered a vulnerability in Intel Processors that could affect laptops, cars and embedded systems. The flaw enables testing or debugging modes on multiple Intel processor lines, which could allow an unauthorized user with physical access to obtain enhanced privileges on the system.

A federal grand jury has charged a former Broadcom engineer with stealing trade secrets and using them while working at a new employer - a Chinese chip start-up. Kim allegedly lifted the trade secrets from one of Broadcom's employee-only repositories as he prepared to leave the company in July of 2020.

NAS devices under attack: How to keep them safe?Network-attached storage devices are a helpful solution for storing, managing, and sharing files and backups and, as such, they are an attractive target for cyber criminals. 65 vendors affected by severe vulnerabilities in Realtek chipsA vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems and other network devices.

The need for chips spiked as well-given how central they became for more devices for people staying home. One way grifters are operating is they've turned to purchasing ads for chips on search engines to bait buyers, as the Wall Street Journal recently reported.

A vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems and other network devices. The chips supplied by Realtek are used by almost all well-known manufacturers and can be found in VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls - just to name a few.

Researchers have described a voltage glitching attack that shows AMD's Secure Encrypted Virtualization technology may not provide proper protection for confidential data in cloud environments. The TU Berlin researchers showed that an attacker who has physical access to the targeted system can gain access to SEV-protected VM memory content by launching a voltage fault injection attack on SP. In order to work as intended, integrated circuits need to operate within specific temperature, clock stability, electromagnetic field, and supply voltage ranges.

The Secure Identity Alliance believes that a trusted legal identity is essential to protecting people's rights, fostering social inclusion and supporting economic growth. Embedded in national electronic identity cards and electronic passports, this identity provides access to essential public and private services for billions of people around the world.