Security News

Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack
2021-08-30 21:49

Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all. In a paper [PDF] titled "Transient Execution of Non-Canonical Accesses," released via ArXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips - namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX - and found that they were able to adversely manipulate the operation of the CPU cores.

Complexity has broken computer security, says academic who helped spot Meltdown and Spectre flaws
2020-10-02 15:15

Gruss and his colleagues discovered some of the biggest recent security snafus, including the Meltdown and Spectre microprocessor design flaws, a working Rowhammer exploit, attacks on Intel SGX including Plundervolt, and many more besides. The assistant professor also advanced his theory that as Moore's Law runs out, we'll use more and more systems with more and more processor and accelerator cores all interacting with each other, which means even more security risk.

Load Value Injection: Intel CPUs Vulnerable to Reverse Meltdown Attack
2020-03-10 17:00

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection, but the chip maker has told customers that the attack is not very practical in real world environments. A variation of the LVI attack, dubbed Load Value Injection in the Line Fill Buffers, was also reported to Intel by researchers at Bitdefender.

Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance
2020-03-10 17:00

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

You only LVI twice: Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling flaw will cost you 50%+ of performance
2020-03-10 17:00

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

BlueKeep Attacks Crash Systems Due to Meltdown Patch
2019-11-11 12:09

The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines. read more

New SWAPGS Side-Channel Attack Bypasses Spectre and Meltdown Defenses
2019-08-07 13:55

Researchers demonstrate a new side-channel attack that bypass mitigations against Spectre and Meltdown.

OpenSSH adds protection against Spectre, Meltdown, RAMBleed
2019-06-24 12:10

OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private...

Why MDS vulnerabilities present a threat as serious as Spectre and Meltdown
2019-05-15 18:00

Microarchitectural Data Sampling are CPU side-channel vulnerabilities that allow attackers to view in-flight data from CPU-internal buffers. Learn more about MDS attacks in this comprehensive guide.

Perpetual 'Meltdown': Security in the Post-Spectre Era
2019-03-28 17:18

SonicWall's Bill Conner on Side-Channel Attacks and Other Emerging ThreatsThe information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown,...