June 20, 2024 at 09:18AM The CHERI Alliance, launching in September, aims to enhance chip security by isolating hardware and software to safeguard against cyberattacks, addressing memory vulnerabilities particularly prevalent in ARM processors. The consortium, involving entities like University of Cambridge and SRI International, focuses on fine-grained memory protection for ARM, MIPS, and RISC-V architectures. … Read more
June 18, 2024 at 11:07AM The CHERI Alliance, formed by tech organizations, aims to promote the adoption of memory access security technology. CHERI, a hardware-based solution, targets vulnerabilities, such as buffer overflows, to enhance application security efficiently. While the initial members exclude Arm, the alliance welcomes collaboration with industry and aims to drive broader adoption … Read more
May 8, 2024 at 11:07AM Researchers discovered two new attack methods targeting high-performance Intel CPUs, collectively called Pathfinder. These attacks exploit the branch predictor to manipulate program control flow and execute Spectre-style attacks, potentially exposing confidential data, including AES encryption keys and secret images. Intel stated that existing mitigations for Spectre v1 help protect against … Read more
April 12, 2024 at 02:46PM Trend is fortifying its endpoint solutions to detect fileless attacks early by integrating Intel Threat Detection Technology, providing greater scalability and resiliency. Trend’s Worry-Free Business Solution will be the first to incorporate this technology, followed by Trend Apex One and Trend Vision One™. This collaboration sets a new standard for … Read more
April 10, 2024 at 06:33AM Researchers have disclosed the first native Spectre v2 exploit against the Linux kernel on Intel systems, called Native Branch History Injection (BHI), allowing to leak sensitive data from memory. The exploit can bypass existing mitigations and impacts all vulnerable Intel systems. Other recent related vulnerabilities include GhostRace and Ahoi Attacks, … Read more
April 2, 2024 at 03:32AM Apple’s reputation for security and processor performance is marred by the GoFetch flaw in its architecture, known years prior to the launch of Apple Silicon processors. The clash between speed and secrecy in high-end chip philosophy and the industry’s obsession with benchmarking hinders the timely discovery and prevention of vulnerabilities, … Read more
March 25, 2024 at 12:11PM ZenHammer is a variant of the Rowhammer DRAM attack specifically targeting AMD Zen CPUs and DDR4/DDR5 memory chips. Developed by researchers at ETH Zurich, it overcomes previous challenges for AMD chips and demonstrates successful bit flips in memory, posing a threat to data security and system privileges. Defenses involve software … Read more
March 22, 2024 at 11:06AM A new side-channel vulnerability, GoFetch, has been discovered in Apple Silicon processors, allowing malicious apps to extract cryptographic keys by exploiting the DMP feature. The vulnerability affects Apple M1, M2, and M3 chips, as well as Intel’s 13th Gen Raptor Lake microarchitecture. Disabling DMP may degrade performance, and third-party cryptographic … Read more
March 15, 2024 at 02:03PM A group of researchers has discovered a new data leakage attack called GhostRace (CVE-2024-2193), a variation of the spectre v1 vulnerability, impacting modern CPU architectures. This exploit allows unauthenticated attackers to extract sensitive data from the processor by accessing speculative executable code paths. Both AMD and Xen have provided solutions … Read more
February 28, 2024 at 07:45AM Intel announced new security features with the latest vPro platform and premium Core Ultra processors, including AI capabilities and hardware-based authentication. The Silicon Security Engine secures devices against firmware threats, while Device Health goes beyond Microsoft’s Secured PC Core requirement. Threat Detection Technology now uses NPU-assisted anomaly detection, and Hardware … Read more