Security News

An international team of security researchers is presenting new side-channel attacks, which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys.

Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory. The paper describes a way to extract confidential data from devices by measuring power consumption fluctuations in Intel chips from Sandy Bridge onward using just software and without the need to physically wire instruments to machines.

Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs. When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.

Intel on Wednesday talked up a set of security features planned for its promised third-generation Xeon Scalable Processors, code-named Ice Lake, which are supposed to show up before the end of the year. The chip biz said it's "Doubling down on its Security First Pledge," as if some sort of quantitative measurement of security could be calculated and weighed against prior security commitments.

One such feature is called Intel Total Memory Encryption, which Intel said helps ensure that all memory accessed from the CPU is encrypted - such as customer credentials, encryption keys and other IP or personal information on the external memory bus. The Intel Platform Firmware Resilience will be part of the Xeon Scalable platform, which Intel claims will help protect against platform firmware attacks by detecting them before they can compromise or disable the machine.

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices. According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.

Intel on Wednesday announced the new security technologies that will be present in the company's upcoming 3rd generation Xeon Scalable processor, code-named "Ice Lake.". "Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations," said Lisa Spelman, corporate VP of the Data Platform Group and GM of the Xeon and Memory Group at Intel.

Intel unveiled the suite of new security features for the upcoming 3rd generation Intel Xeon Scalable platform, code-named "Ice Lake.". Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension to the full spectrum of Ice Lake platforms, along with new features that include Intel Total Memory Encryption, Intel Platform Firmware Resilience and new cryptographic accelerators to strengthen the platform and improve the overall confidentiality and integrity of data.

Intel today revealed the data security and privacy upgrades that will be introduced to the upcoming 3rd generation Intel Xeon Scalable processors code-named Ice Lake and specifically built to power data center platforms. "Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension to the full spectrum of Ice Lake platforms," the chip manufacturer said.

Intel 471 has announced the release of a MISP integration with premium cybercrime feeds. MISP is an open source threat intelligence platform for gathering, sharing, storing and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counterterrorism information.