Security News
BlackBerry has added a new feature to its endpoint detection and response platform Optics: An Intel-powered cryptojacking malware detection system. BlackBerry claims its cryptojacking EDR has "Virtually no processor impact" on Windows 10 systems that Optics runs on, allowing "Organizations [to] detect and mitigate cryptojacking with greater precision and consistent results across all types of workloads."
As far as we can see, the first wave of Intel processors that will include these new protections are the not-quite-out-yet CPUs known by the nickname "Tiger Lake", so if you're a programmer you can't actually start tinkering with the CET features just yet. Errors in using memory are one of the leading causes of software bugs that lead to security holes, known in the trade as vulnerabilities.
Intel's upcoming class of mobile CPUs, code named "Tiger Lake," will feature a long anticipated security layer, called Control-flow Enforcement Technology, which aims to protect against common malware attacks. "Intel CET delivers CPU-level security capabilities to help protect against common malware attack methods that have been a challenge to mitigate with software alone," said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives with Intel, in a Monday post.
Intel on Monday unveiled a new security technology for its processors that will help protect systems against attack methods commonly used by malware. Intel CET has two main components: indirect branch tracking, which should provide protection against jump oriented programming and call oriented programming attacks; and shadow stack, which provides return address protection against return-oriented programming attacks.
Known as Control Flow Enforcement Technology, or CET, the protections are designed to prevent miscreants from exploiting certain programming bugs to execute malicious code that infects systems with malware, steals data, spies on victims, and so on. There are various mitigations in place on modern systems, such as Data Execution Prevention, that stop hackers from injecting and executing malicious code into a program when a victim opens a specially crafted document or connects to a remote service.
If, for example, your program is reading through an array of data to perform a complex calculation based on all the values in it, the processor needs to make sure that you don't read past the end of your memory buffer, because that could allow someone else's private data to leak into your computation. The theory is that if the checks fail, the chip can just discard the internal data that it now knows is tainted by insecurity, so there's a possible performance boost without a security risk given that the security checks will ultimately prevent secret data being disclosed anyway.
There will be vulnerabilities that will allow attackers to manipulate or delete data across processes, potentially fatal in the computers controlling our cars or implanted medical devices. The new SGX attacks are known as SGAxe and CrossTalk.
Intel's Software Guard Extensions, known as SGX among friends, consist of a set of instructions for running a secure enclave inside an encrypted memory partition using certain Intel microprocessors. Sadly for Intel and those who depend on its technology, security researchers keep finding flaws in SGX. On Tuesday, two separate sets of boffins published papers describing SGX vulnerabilities, but they're not really quite as bad as is claimed.
The critical flaws exist in Intel's Active Management Technology, which is used for remote out-of-band management of personal computers. The two critical flaws exist in the IPv6 subsystem of AMT. The flaws could potentially enable an unauthenticated user to gain elevated privileges via network access.
Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.