Security News

Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips. The lawsuit [PDF], filed on behalf of five plaintiffs in a US federal court in San Jose, California, claims Intel knew about the susceptibility of its AVX instruction set to side-channel attacks since 2018, but didn't fix the defect until the disclosure of the Downfall hole this year, leaving affected computer buyers with no other option than to apply a patch that slows performance by as much as 50 percent.

Red Piranha has released the latest Crystal Eye consolidated security platform officially in global collaboration with Intel on the 12th of October and more details on the Network Builders Panel with Intel later that month. The release of Crystal Eye 5.0 OS is timed with the new range of products launched in collaboration with Intel, aimed at the private data centre for managed services providers to provide Security as a Service and the Telco space for advanced, high-throughput security detection, designed for use across Smart Cities.

The second day of announcements at Intel's Innovation event in San Jose, California focused on privacy and security, including confidential AI. Major announcements included an attestation service for Intel Trust Authority and a software toolkit for fully homomorphic encryption. An attestation service will join the Intel Trust Authority, a security assessment platform released in 2022.

A new information stealer malware named 'MetaStealer' has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers. Although the malware has some similarities with Atomic Stealer, another Go-based macOS targeting info-stealer, the code overlap is limited, and the delivery methods are different.

Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the futureIn this Help Net Security interview, we delve into the world of cybersecurity with Michael Adams, the CISO at Zoom. Using creative recruitment strategies to tackle the cybersecurity skills shortageIn this Help Net Security interview, Jon Check, Executive Director of Cybersecurity Protection Solutions at Raytheon, sheds light on the significance of internships and apprenticeships in nurturing the next generation of cyber defenders.

Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it. Google researcher Daniel Moghimi discovered a new vulnerability affecting millions of Intel chip models.

A variety of Intel Core processors and the devices using them are vulnerable to "Downfall", a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private data from other users on the same personal or cloud computer. " is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.

The advisory for that flaw, ADV230003, is related to last month's CVE-2023-36884 in Microsoft Office, and as the IT giant notes, it's a "Defense in depth update." Installing the update "Stops the attack chain leading to the Windows Search security feature bypass vulnerability," we're told. Finally the XMP-Toolkit-SDK update plugs an important security hole that could lead to application denial of service.

A senior research scientist at Google has devised new CPU attacks to exploit a vulnerability dubbed Downfall that affects multiple Intel microprocessor families and allows stealing passwords, encryption keys, and private data like emails, messages, or banking info from users that share the same computer. Moghimi developed two Downfall attack techniques, Gather Data Sampling - which is also the name Intel uses to refer to the issue and Gather Value Injection - which combines GDS with the Load Value Injection technique disclosed in 2020.

Nearly all of the FBI's technical intelligence on malicious "Cyber actors" in the first half of this year was obtained via Section 702 searches, according to FBI Director Christopher Wray. With the controversial FISA amendment set to expire at the end of the year, unless Congress reauthorizes the snooping clause, Wray has been making the rounds and delivering the same message: the FBI "Cannot afford to lose" Section 702.