Security News

Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.

Intel introduced its 3rd Gen Intel Xeon Scalable processors and additions to its hardware and software AI portfolio, enabling customers to accelerate the development and use of artificial intelligence and analytics workloads running in data center, network and intelligent-edge environments. Intel is further extending its investment in built-in AI acceleration in the new 3rd Gen Intel Xeon Scalable processors through the integration of bfloat16 support into the processor's unique Intel DL Boost technology.

BlackBerry has added a new feature to its endpoint detection and response platform Optics: An Intel-powered cryptojacking malware detection system. BlackBerry claims its cryptojacking EDR has "Virtually no processor impact" on Windows 10 systems that Optics runs on, allowing "Organizations [to] detect and mitigate cryptojacking with greater precision and consistent results across all types of workloads."

As far as we can see, the first wave of Intel processors that will include these new protections are the not-quite-out-yet CPUs known by the nickname "Tiger Lake", so if you're a programmer you can't actually start tinkering with the CET features just yet. Errors in using memory are one of the leading causes of software bugs that lead to security holes, known in the trade as vulnerabilities.

Intel's upcoming class of mobile CPUs, code named "Tiger Lake," will feature a long anticipated security layer, called Control-flow Enforcement Technology, which aims to protect against common malware attacks. "Intel CET delivers CPU-level security capabilities to help protect against common malware attack methods that have been a challenge to mitigate with software alone," said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives with Intel, in a Monday post.

Intel on Monday unveiled a new security technology for its processors that will help protect systems against attack methods commonly used by malware. Intel CET has two main components: indirect branch tracking, which should provide protection against jump oriented programming and call oriented programming attacks; and shadow stack, which provides return address protection against return-oriented programming attacks.

Known as Control Flow Enforcement Technology, or CET, the protections are designed to prevent miscreants from exploiting certain programming bugs to execute malicious code that infects systems with malware, steals data, spies on victims, and so on. There are various mitigations in place on modern systems, such as Data Execution Prevention, that stop hackers from injecting and executing malicious code into a program when a victim opens a specially crafted document or connects to a remote service.

If, for example, your program is reading through an array of data to perform a complex calculation based on all the values in it, the processor needs to make sure that you don't read past the end of your memory buffer, because that could allow someone else's private data to leak into your computation. The theory is that if the checks fail, the chip can just discard the internal data that it now knows is tainted by insecurity, so there's a possible performance boost without a security risk given that the security checks will ultimately prevent secret data being disclosed anyway.

There will be vulnerabilities that will allow attackers to manipulate or delete data across processes, potentially fatal in the computers controlling our cars or implanted medical devices. The new SGX attacks are known as SGAxe and CrossTalk.

Intel's Software Guard Extensions, known as SGX among friends, consist of a set of instructions for running a secure enclave inside an encrypted memory partition using certain Intel microprocessors. Sadly for Intel and those who depend on its technology, security researchers keep finding flaws in SGX. On Tuesday, two separate sets of boffins published papers describing SGX vulnerabilities, but they're not really quite as bad as is claimed.