Security News

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. Beyond this critical flaw, Intel also fixed bugs tied to 22 critical-, high-, medium- and low-severity CVEs affecting its server board, systems and compute modules.

More than 20 gigabytes of proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party, likely the result of a data breach from earlier this year. The announcement of the "First 20gb release in a series of large Intel leaks" was made by user and IT consultant Tillie 1312 Kottmann #BLM on Twitter, who called the information "Intel exconfidential Lake Platform Release."

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark. In a paper slated to be distributed through ArXiv today, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, reveal the computer science world has misunderstood the microarchitectural flaw that enables Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory - such as Intel SGX enclaves, and operating-system kernel and hypervisor addresses.

Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD - previously believed to be unaffected.

Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools. "The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access," an Intel spokesperson told SecurityWeek.

A spokesperson for Intel told us the information was likely taken from its Resource and Design Center, which is a private library of resources for computer manufacturers and the like to build systems using Intel's silicon. The IOH SR 17 probably refers to scratchpad register 17 in the I/O hub, part of Intel's chipsets, that is used by firmware code.

A spokesperson for Intel told us the information was likely taken from its Resource and Design Center, which is a private library of resources for computer manufacturers and the like to build systems using Intel's silicon. The IOH SR 17 probably refers to scratchpad register 17 in the I/O hub, part of Intel's chipsets, that is used by firmware code.

Intel and VMware are collaborating on an integrated software platform for virtualized Radio Access Networks to accelerate the rollout of both existing LTE and future 5G networks. As part of this effort, Intel and VMware will collaborate in building programmable open interfaces that leverage Intel's FlexRAN software reference architecture and a VMware RAN Intelligent Controller, to enable development of innovative radio network functions using AI/ML learning for real time resource management, traffic steering and dynamic slicing.

Farsight Security introduced DNSDB 2.0, which enables security professionals to identify and map domain names and IP addresses associated with bad actors or used in malicious infrastructures, brand infringement campaigns, phishing schemes, ransomware and other cybercrime. With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. Traditionally, DNSDB has offered only exact matches, or full-label front or back wildcard searches, such as "*.example.com" or "Example.*" DNSDB 2.0 adds new flexible search functions so users can better find - and filter out - only the data they need.

An influential UK Parliamentary committee has called on social media companies to remove covert hostile state material and said the government must "Name and shame" those that fail to act. We are concerned that there is no clear coordination of the numerous organisations across the UK intelligence community working on , this is reinforced by an unnecessarily complicated wiring diagram of responsibilities amongst ministers.... The focus of political attention because of its relevance to the EU referendum and subject to delay at the hands of Prime Minister and his office, the report also details use of technology and social media for nefarious Russian activity.