Security News

An international team of security researchers is presenting new side-channel attacks, which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys.

Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs. When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.

Oracle on Tuesday released its Critical Patch Update for October 2020, which includes 402 new security patches released across the company's product portfolio. The advisory for the latest CPU includes information on the patches released after the previous CPU, but the patches are typically cumulative, Oracle notes.

Intel on Wednesday announced the new security technologies that will be present in the company's upcoming 3rd generation Xeon Scalable processor, code-named "Ice Lake.". "Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations," said Lisa Spelman, corporate VP of the Data Platform Group and GM of the Xeon and Memory Group at Intel.

Cadence Design Systems announced Cadence System-Level Verification IP, a new suite of tools and libraries for automating system-on-chip testbench assembly, bus and CPU traffic generation, cache-coherency validation and system performance bottleneck analysis. Using Cadence System VIP, customers creating complex hyperscale, automotive, mobile and consumer chips can improve chip-level verification efficiency by up to 10X. The new Cadence System VIP solution takes Cadence's market leadership in IP-level verification automation and brings it to the chip level.

Intel's upcoming class of mobile CPUs, code named "Tiger Lake," will feature a long anticipated security layer, called Control-flow Enforcement Technology, which aims to protect against common malware attacks. "Intel CET delivers CPU-level security capabilities to help protect against common malware attack methods that have been a challenge to mitigate with software alone," said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives with Intel, in a Monday post.

Intel on Monday unveiled a new security technology for its processors that will help protect systems against attack methods commonly used by malware. Intel CET has two main components: indirect branch tracking, which should provide protection against jump oriented programming and call oriented programming attacks; and shadow stack, which provides return address protection against return-oriented programming attacks.

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments. The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core, and determine the enclave's private keys.

Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."