Security News

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection. This basically means that, if your PC supports it, it's a bit harder for malicious websites to exploit bugs in Chrome to hijack your computer.

Microsoft Defender for Endpoint expands its use of Intel Threat Detection Technology beyond accelerated memory scanning capabilities to activate central processing unit based cryptomining machine learning detection. "Customers who choose Intel vPro with the exclusive Intel Hardware Shield now gain full-stack visibility to detect threats out of the box with no need for IT configuration."

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology. Intel TDT is part of the Hardware Shield's suite of capabilities available on Intel vPro and Intel Core platforms, providing endpoint detection and response capabilities for advanced memory scanning, cryptojacking, and ransomware detection via CPU-based heuristics.

Intel launched its performance data center platform optimized to power the industry's broadest range of workloads - from the cloud to the network to the intelligent edge. New 3rd Gen Intel Xeon Scalable processors are the foundation of Intel's data center platform, enabling customers to capitalize on some of the most significant business opportunities today by leveraging the power of AI. New 3rd Gen Intel Xeon Scalable processors deliver a significant performance increase compared with the prior generation, with an average 46% improvement on popular data center workloads.

Cisco announced new server solutions supported by 3rd Gen Intel Xeon Scalable processors to bring new performance and security capabilities to customers' hybrid cloud infrastructure. To help technology teams address increasingly complex hybrid cloud environments, Cisco today is introducing Unified Computing System server models with the latest 3rd Gen Intel Xeon Scalable processors.

Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. A class-action suit in the Circuit Court of the Fifth Judicial Circuit In and For Lake County, Florida, alleges that the tech giant unlawfully intercepted communications without user consent because of its use of analytics technology on its website.

Intel is among the growing list of companies being sued for allegedly violating American wiretapping laws by running third-party code to track interactions, such as keystrokes, click events, and cursor movements, on its website. The plaintiff, Holly Londers, claims she visited Intel's website approximately a dozen times in the twelve months to January 2021, and during those visits the chip maker "Utilized tracking, recording, and/or 'session replay' software to contemporaneously intercept [her] use and interaction with the website, including mouse clicks and movements," and information that she input, pages visited and viewed, and dates and times of visits.

Readers may remember Kottman pointed out holes in a security skills assessment website run by Deloitte, dropped 20GB of Intel secrets onto the web and shamed the security of DevOps tool SonarQube by releasing third-party code created with the project. Illegally accessing computers belonging to a security device manufacturer located in the Western District of Washington and stealing proprietary data.

A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "On-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs, the new attack leverages a contention on the ring interconnect.

Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks. The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.