Security News
US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining tech other companies who pulled out of the country due to the invasion of Ukraine. Intel had already suspended all shipments to customers in Russia and Belarus last month after the US government issued sweeping sanctions that prevented the export of technology to the countries.
Intel this month published an advisory to address a novel Spectre v2 vulnerability in its processors that can be exploited by malware to steal data from memory that should otherwise be off limits. Spectre is one of two closely related chip architecture blunders, details of which emerged in 2018; the other being Meltdown that The Register first highlighted.
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.
Security researchers have found new a new way to bypass existing hardware-based defenses for speculative execution in modern computer processors from Intel, AMD, and Arm. Today, the three CPU manufacturers have published advisories accompanied by mitigation updates and security recommendations to tackle recently discovered issues that allow leaking of sensitive information despite isolation-based protections.
Google is buying pre-eminent threat intel firm Mandiant for $5.4bn, the two companies announced this morning. "Cyber security is a mission, and we believe it's one of the most important of our generation. Google Cloud shares our mission-driven culture to bring security to every organization," said Kevin Mandia, CEO of Mandiant in a canned statement.
While Ukraine is yet to become a member of the North Atlantic Treaty Organization, the country has been accepted as a contributing participant to the NATO Cooperative Cyber Defence Centre of Excellence. Although this does not make Ukraine a NATO member, it will likely tighten collaboration and allow it to gain access to NATO member nations' cyber-expertise and share its own.
Microsoft's attempt to put its homegrown Pluton security processor architecture into third-party Windows 11 PCs is right now more work-in-progress than the slam dunk its publicity would have you believe. Pluton is the software giant's move to define a level of security that should be baked into microprocessors that run its Windows OS. Pluton implementations are supposed to securely store and safeguard encryption keys, credentials, and other sensitive information, such as biometric data, within the processor package, making it difficult for miscreants to extract this info.
Intel says its engineers are partnering with security researchers to hunt for vulnerabilities in firmware, GPUs, hypervisors, chipsets, and other products in a new expansion to its bug bounty program. Last year, 97 out of the 113 externally found security vulnerabilities were reported by researchers who joined the public bug bounty program, according to Intel.
The Register broke the Meltdown story on January 2, 2018, as Intel and those who confidentially reported the security vulnerability were preparing to disclose them. To defend against Meltdown and Spectre, Intel and other affected vendors have had to add software and hardware mitigations that for some workloads make patched processors mildly to significantly slower.
Intel has removed support for SGX in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to playback Blu-ray disks in 4K resolution. This technical problem arises from the fact that Blu-ray disks require Digital Rights Management, which needs the presence of SGX to work.