Security News

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.

Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need. The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server.

The notorious Conti ransomware gang has working proof-of-concept code to exploit low-level Intel firmware vulnerabilities, according to Eclypsium researchers. Recently leaked Conti documents show the criminals developed the software more than nine months ago, and this is important because exploiting these kinds of weaknesses expands the extend and depth of an intrusion, the firmware security shop's analysis noted.

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. It is important to note that contrary to TrickBot's module that targeted UEFI firmware flaws, aiding Conti infections and later undertaken by the ransomware group, the new findings indicate that the malicious engineers were striving to discover new, unknown vulnerabilities in the ME. Firmware attacks in ransomware.

Intel has disclosed high-severity bugs in its firmware that's used in datacenter servers, workstations, mobile devices, storage products, and other gear. In addition to patching these high-severity vulnerabilities, Intel also issued an advisory for what it's called a speculative cross-store bypass, a data-leaking hardware-level security shortcoming it reckons is low in severity and which affects some of its processors.

Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in "Hundreds" of products. "Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Data Center products may allow escalation of privilege, denial of service or information disclosure," reported Intel.

Uncle Sam will dole out up to $10 million for vital information on each of six Russian GRU officers linked to the Kremlin-backed Sandworm gang, who, according to the Feds, have plotted to carry out destructive cyber-attacks against American critical infrastructure. It's hoped the money, offered via the US Department of State's Rewards for Justice program, will lead to the snaring of the following men said to be Russian intelligence officers: Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin.

An Intel study finds that businesses are eager for cybersecurity and are keen to see how security can be baked into devices. Hardware-assisted security uses hardware extensions and components to support the security of higher-level machine layers, from the BIOS up through desktop applications.

US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining tech other companies who pulled out of the country due to the invasion of Ukraine. Intel had already suspended all shipments to customers in Russia and Belarus last month after the US government issued sweeping sanctions that prevented the export of technology to the countries.

Intel this month published an advisory to address a novel Spectre v2 vulnerability in its processors that can be exploited by malware to steal data from memory that should otherwise be off limits. Spectre is one of two closely related chip architecture blunders, details of which emerged in 2018; the other being Meltdown that The Register first highlighted.