Security News

Join Intel on Wednesday, March 10, at SecurityWeek's Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel's experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.

A team of researchers from the University of Illinois at Urbana-Champaign has published a paper detailing a new side-channel attack method that can be launched against devices with Intel CPUs. Following the disclosure of the Meltdown and Spectre vulnerabilities back in January 2018, researchers have increasingly focused on finding CPU side-channel attack methods - and in many cases they have been successful.

Intel announced that it has signed an agreement with Defense Advanced Research Projects Agency to perform in its Data Protection in Virtual Environments program. The multiyear program represents a cross-team effort across multiple Intel groups, including Intel Labs, the Design Engineering Group and the Data Platforms Group, to tackle "The final frontier" in data privacy, which is computing on fully encrypted data without access to decryption keys.

Join Intel on Wednesday, March 10, at SecurityWeek's Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel's experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.

Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. In their research paper [PDF]: "Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical," researchers said the attack is unique because it works in spite of some previous side-channel defenses.

The Defense Advanced Research Projects Agency, or DARPA, has signed an agreement with Intel to add it to its Data Protection in Virtual Environments project, which aims to create a practically useful form of fully homomorphic encryption. Fully homomorphic encryption has been described as the "Holy grail" of encryption because it allows encrypted data to be used without ever having to decrypt it.

Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. "It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register.

Intel patched 231 vulnerabilities in its products last year, roughly the same as in the previous year, when it fixed 236 flaws. The chipmaker on Wednesday published its 2020 Product Security Report, which reveals that nearly half of the vulnerabilities patched last year were discovered by its own employees, and the company claims that a vast majority of the addressed issues are the direct result of its investment in product security assurance.

Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid. The attack is considered the probable source of Mumbai's power outage in October of the same year.

The murder of Washington Post columnist Jamal Khashoggi, which is said to be have been aided by digital surveillance, was ordered by the head of the Saudi Arabian government, US intelligence has publicly asserted. Last week, Uncle Sam's Office of the Director of National Intelligence released a statement fingering Crown Prince Mohammed bin Salman for orchestrating the killing, which a lawsuit claims was aided by tracking technology provided by spyware biz NSO Group.