Security News

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

Cybersecurity researchers have found a vulnerability within Intel's data center CPUs that gives attackers the ability to inject rogue values in certain microarchitectural structures and steal information. Bogdan Botezatu, director of threat research and reporting at Bitdefender, said these attacks are "Particularly devastating in multi-tenant environments such as enterprise workstations or servers in the datacenter, where one less-privileged tenant would be able to leak sensitive information from a more privileged user or from a different virtualized environment on top of the hypervisor."

Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information-encryption keys or passwords-from the protected memory and subsequently, take significant control over a targeted system.

Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information-encryption keys or passwords-from the protected memory and subsequently, take significant control over a targeted system.

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday. According to Positive Technologies, CVE-2019-0090 is an unfixable vulnerability that affects the Converged Security and Management Engine boot ROM on most Intel chipsets and system on chips, except for Ice Point chipsets.

It cannot be fixed without replacing the silicon, only mitigated, it is claimed: the design flaw is baked into millions of Intel processor chipsets manufactured over the past five years. Buried deep inside modern Intel chipsets is what's called the Management Engine, or these days, the Converged Security and Manageability Engine.

Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company's 2019 Product Security Report. Intel said it learned of 236 vulnerabilities in 2019, including 144 discovered internally by its employees.

RSA CONFERENCE 2020 - San Francisco - Intel announced four new security capabilities and provided further information on its previously-announced Compute Lifecycle Assurance supply chain transparency initiative today at RSA Conference 2020 in San Francisco. Intel hardware is the bedrock of much of the world's computing capability.