Security News
Intel says its engineers are partnering with security researchers to hunt for vulnerabilities in firmware, GPUs, hypervisors, chipsets, and other products in a new expansion to its bug bounty program. Last year, 97 out of the 113 externally found security vulnerabilities were reported by researchers who joined the public bug bounty program, according to Intel.
The Register broke the Meltdown story on January 2, 2018, as Intel and those who confidentially reported the security vulnerability were preparing to disclose it. To defend against Meltdown and Spectre, Intel and other affected vendors have had to add software and hardware mitigations that for some workloads make patched processors mildly to significantly slower.
Intel has removed support for SGX in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to play back Blu-ray discs in 4K resolution. This technical problem arises from the fact that Blu-ray discs require Digital Rights Management, which needs the presence of SGX to work.
The head of the UK's secretive Military Intelligence Section 6 agency - popularly known as MI6 - has delivered a rare speech in which he has warned that China, Iran, and Russia use information technology to destabilise rivals, and that the agency he leads can no longer rely on in-house innovation to develop the technologies the UK needs to defend itself. MI6 boss Richard Moore delivered a speech on Thursday at the International Institute for Strategic Studies, and opened with an explanation of why the normally reclusive agency had taken the unusual step of allowing its leader to speak in public.
Intel's issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.
Researchers shed light on hidden root CAs: How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months' worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits.
How to achieve permanent server hardening through automation: Information security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber intrusions.
Britain's National Cyber Security Centre is prepared to share its cyber defence tech and threat intel feeds with British organisations in need of extra help, it said at the launch of its annual review today. You probably don't want the country's DNS being run by GCHQ! Chief techie Ian Levy highlighted the NCSC's Protective DNS service to The Register as one example of good things the cyber defence organisation has done, with the custom DNS resolver service being used by 1,000 NHS supply chain firms to prevent their devices visiting known malicious web domains.
Microsoft has confirmed a new known issue impacting Windows 11 customers and triggering blue screens of death on affected systems. The new issue is caused by compatibility issues between Intel Smart Sound Technology audio drivers and Windows 11, version 21H2. Intel SST is an integrated audio DSP that works with the latest Intel Core and Intel Atom processors to handle audio, voice, and speech interactions.
Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device. This vulnerability, identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel Atom, Celeron, and Pentium chips that were made in the past few years.
A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. "[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access," according to Intel's advisory, issued last week.