Security News
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. Short for Spectre based on LAM, the SLAM attack was discovered by researchers at Systems and Network Security Group at Vrije Universiteit Amsterdam, who demonstrated its validity by emulating the upcoming LAM feature from Intel on a last-generation Ubuntu system.
Intel has published a fix for a potential vulnerability that affected some Intel processors. On Nov. 14, Intel addressed the potential flaw in a variety of processors.
Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems. "Although this is not an issue in the Citrix Hypervisor product itself, we have included updated Intel microcode to mitigate this CPU hardware issue," reads the advisory.
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the...
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures. "Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege from CPL3 to CPL0," Intel said.
Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips. The flaw, designated INTEL-SA-00950 and given a CVSS 3.0 score of 8.8 out of 10, affects Intel Sapphire Rapids, Alder Lake, and Raptor Lake chip families.
Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips. The lawsuit [PDF], filed on behalf of five plaintiffs in a US federal court in San Jose, California, claims Intel knew about the susceptibility of its AVX instruction set to side-channel attacks since 2018, but didn't fix the defect until the disclosure of the Downfall hole this year, leaving affected computer buyers with no other option than to apply a patch that slows performance by as much as 50 percent.
Red Piranha has released the latest Crystal Eye consolidated security platform officially in global collaboration with Intel on the 12th of October and more details on the Network Builders Panel with Intel later that month. The release of Crystal Eye 5.0 OS is timed with the new range of products launched in collaboration with Intel, aimed at the private data centre for managed services providers to provide Security as a Service and the Telco space for advanced, high-throughput security detection, designed for use across Smart Cities.
The second day of announcements at Intel's Innovation event in San Jose, California focused on privacy and security, including confidential AI. Major announcements included an attestation service for Intel Trust Authority and a software toolkit for fully homomorphic encryption. An attestation service will join the Intel Trust Authority, a security assessment platform released in 2022.
A new information stealer malware named 'MetaStealer' has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers. Although the malware has some similarities with Atomic Stealer, another Go-based macOS targeting info-stealer, the code overlap is limited, and the delivery methods are different.