Security News

An unidentified group of malicious sorts impersonated a so-called "Cold chain" company involved in COVID-19 vaccine distribution networks then targeted an EU governmental agency, according to IBM. Infosec researchers from Big Blue's X-Force threat intelligence unit "Uncovered targets across multiple industries, governments and global partners" involved in setting up the vaccine cold chain, it said in a blog post today. The phishing campaign's operators reportedly posed as an executive from the Chinese arm of Haier Biomedical, a business IBM described as "a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program."

Intel has released updated Wireless Bluetooth and Wi-Fi drivers for Windows 10 customers to address known issues causing blue screen of death errors and Bluetooth devices to lose connection or stop working. First of all, the new drivers address Windows 10 stop errors, yellow bang warnings in Device Manager, as well as random disconnections while playing online videos caused by Intel Wireless adapters with faulty drivers.

Microsoft is integrating its Pluton security processor directly into Intel, AMD, and Qualcomm CPUs to better secure Windows PCs. Windows 10 gains enhanced security by utilizing specialized chips called Trusted Platform Modules to provide hardware-based security functions. Microsoft is now partnering with Intel, AMD, and Qualcomm to introduce the Pluton security processor as an on-die chip in their CPUs.

A group of researchers from the University of Birmingham has devised a new attack that can break the confidentiality and integrity of Intel Software Guard Extensions enclaves through controlling the CPU core voltage. The attack relies on VoltPillager, "a low-cost tool for injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator on the motherboard," and can be used to fault security-critical operations.

Researchers at the University of Birmingham have managed to break Intel SGX, a set of security functions used by Intel processors, by creating a $30 device to control CPU voltage. Break Intel SGX. The work follows a 2019 project, in which an international team of researchers demonstrated how to break Intel's security guarantees using software undervolting.

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology. The issues were detailed in the 40 security advisories published by Intel on its Product Security Center, with the company having delivered security and functional updates to users through the Intel Platform Update process.

The Czech Republic's intelligence agency said Tuesday Russian and Chinese spies posed an imminent threat to the EU member's security and other key interests last year. All Russian intelligence services were active on Czech territory in 2019.

A massive Intel security update this month addresses flaws across a myriad of products - most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth - including various Intel Wi-Fi modules and wireless network adapters - as well as in its remote out-of-band management tool, Active Management Technology.