Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-03-07

New AMD Side Channel Attacks Discovered, Impacts Zen Architecture

www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture A new paper released by the Graz University of Technology details two new “Take A Way” attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.

This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years

thehackernews.com/2020/03/intel-csme-vulnerability.html All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.. The vulnerability, tracked as CVE-2019-0090, resides in the hard-coded firmware running on the ROM (“read-only memory”) of the Intel’s Converged Security and Management Engine (CSME), which can’t be patched without replacing the silicon.

Zoho Releases Security Update on ManageEngine Desktop Central

www.us-cert.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. see also

www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html

FBI Warns of BEC Attacks Abusing Microsoft Office 365, Google G Suite

www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attacks-abusing-microsoft-office-365-google-g-suite/ The US Federal Bureau of Investigation (FBI) warned private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks.. “Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.”

FYI: When Virgin Media said it leaked ‘limited contact info’, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more

www.theregister.co.uk/2020/03/06/virgin_more_leak_details/

Chain Reactor: Simulate Adversary Behaviors on Linux

isc.sans.edu/forums/diary/Chain+Reactor+Simulate+Adversary+Behaviors+on+Linux/25872/

As the U.S. spied on the world, the CIA and NSA bickered

www.washingtonpost.com/national-security/as-the-us-spied-on-the-world-the-cia-and-nsa-bickered/2020/03/06/630a4e72-5365-11ea-b119-4faabac6674f_story.html U.S. spy agencies were on the verge of an espionage breakthrough, closing in on the clandestine purchase of a Swiss company that could give American intelligence the ability to crack much of the worlds encrypted communications.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.