Category Archives: intel

Researchers design a tool to identify the source of errors caused by software updates

We’ve all shared the frustration when it comes to errors – software updates that are intended to make our applications run faster inadvertently end up doing just the opposite. These bugs, dubbed in the computer science field as performance regressions, are time-consuming to fix since locating software errors normally requires substantial human intervention. Schematic illustrating how Muzahid’s deep learning algorithm works. The algorithm is ready for anomaly detection after it is first trained on performance … More

The post Researchers design a tool to identify the source of errors caused by software updates appeared first on Help Net Security.

News Wrap: Valentine’s Day Scams and Emotet’s Wi-Fi Hack

Top stories of this week include a new Emotet Wi-Fi hack and Robbinhood ransomware operators using a "bring your own bug" technique.

Cyber Security Roundup for February 2020

A roundup of UK focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, January 2020.

After years of dither and delay the UK government finally nailed its colours to the mast, no not Brexit but Huawei, permitting 'limited use' of the Chinese Telecoms giant's network appliances within the UK's new 5G infrastructure. Whether this is a good decision depends more on individual political persuasion than national security interest, so just like Brexit the general view on the decision is binary, either its a clever compromise or a complete sell out of UK national security. I personally believe the decision is more about national economics than national security, as I previously blogged in 'The UK Government Huawei Dilemma and the Brexit Factor'. The UK government is playing a delicate balancing to safeguard potentially massive trade deals with both of the world's largest economic superpowers, China and United States. An outright US style ban Huawei would seriously jeopardise billions of pounds worth of Chinese investment into the UK economy. While on the security front, Huawei's role will be restricted to protect the UK's critical national infrastructure, with Huawei's equipment banned from use within the core of the 5G infrastructure. The UK National Cyber Security Centre (NCSC) published a document which provides guidance to high risk network providers on the use of Huawei tech.
UK Gov agrees to 'limited' Huawei involvement within UK 5G

UK business targeted ransomware continues to rear its ugly head in 2020, this time global foreign exchange firm Travelex's operations were all brought to a shuddering halt after a major ransomware attack took down Travelex's IT systems. Travelex services impacted included their UK business, international websites, mobile apps, and white-labelled services for the likes of Tesco, Sainsburys, Virgin Money, Barclays and RBS. The ransomware in question was named as Sodinokibi, with numerous media reports strongly suggesting the Sodinokibi ransomware infiltrated the Travelex network through unpatched vulnerable Pulse Secure VPN servers, which the National Cyber Security Centre had apparently previously detected and warned Travelex about many months earlier. Could be some truth in this, given the Sodinokibi ransomware is known to infect through remote access systems, including vulnerable Pulse Secure VPN servers. The cybercriminal group behind the attack, also known as Sodin and REvil, demanded £4.6 million in ransom payment, and had also claimed to have taken 5Gb of Travelex customer data. Travelex reported no customer data had been breached, however, its money exchange services remained offline for well over two weeks after reporting the incident, with the firm advising it expected most of its travel exchange services to be back operational by the end of January.

The same Sodinokibi criminal group behind the Travelex attack also claimed responsibility for what was described by German automotive parts supplier Gedia Automotive Group, as a 'massive cyber attack'. Gedia said it would take weeks to months before its IT systems were up and running as normal. According to analysis by US cyber security firm Bad Packets, the German firm also had an unpatched Pulse Secure VPN server on its network perimeter which left it exposed to the ransomware attack. Gedia patched their server VPN on 4th January.

Leeds based medical tech company Tissue Regenix halted its US manufacturing operation after unauthorised party accessed its IT systems. To date there hasn't been any details about the nature of this cyber attack, but a manufacturing shutdown is a hallmark of a mass ransomware infection. Reuters reported shares in the company dropped 22% following their cyber attack disclosure.

London based marine consultancy company LOC was hacked and held to be ransom by cybercriminals. It was reported computers were 'locked' and 300Gb of company data were stolen by a criminal group, investigations on this hack are still ongoing.

Its seem every month I report a massive data breach due to the misconfiguration of a cloud server, but I never expected one of leading global cloud providers, Microsoft, to be caught out by such a school boy error. Microsoft reported a database misconfiguration of their Elasticsearch servers exposed 250 million customer support records between 5th and 19th December 2019. Some of the non-redacted data exposed included customer email addresses; IP addresses; locations; descriptions of customer support claims and cases; Microsoft support agent emails; case numbers, resolutions and remarks; and confidential internal notes. It is not known if any unauthorised parties had accessed any of the leaked data.

Cyber attacks against the UK defence industry hit unprecedented highs according government documentation obtained by Sky News. Sky News revealed the MoD and its partners failed to protect military and defence data in 37 incidents in 2017 and 34 incidents in first 10 months of 2018, with military data exposed to nation-level cyber actors on dozens of occasions.

It was another fairly busy month for Microsoft patches, including an NSA revealed critical flaw in Windows 10. January also saw the end of security updates support for Windows 7 and Windows Server 2008, unless you pay Microsoft extra for extended support.

According to a World Economic Forum (WEF) study, most of the world's airports cybersecurity is not up to scratch. WEF reported 97 of the world’s 100 largest airports have vulnerable web and mobile applications, misconfigured public cloud and dark web leaks. Findings summary were:

  • 97% of the websites contain outdated web software.
  • 24% of the websites contain known and exploitable vulnerabilities.
  • 76% and 73% of the websites are not compliant with GDPR and PCI DSS, respectively.
  • 100% of the mobile apps contain at least five external software frameworks.
  • 100% of the mobile apps contain at least two vulnerabilities.
Elsewhere in the world, it was reported a US Department of Defence contractor had its web servers (and thus its websites) taken down by the Ryuk ransomware. Houston-based steakhouse Landry advised it was hit by a point-of-sale malware attack which stole customer payment card data. Stolen customer payment card data taken from a Pennsylvania-based convenience store and petrol station operator was found for sale online. Ahead of the Superbowl LIV Twitter and Facebook accounts for 15 NFL teams were hacked. The hacking group OurMine took responsibility for the NFL franchise attacks, which said it was to demonstrate internet security was "still low" and had to be improved upon. Sonos apologised after accidentally revealing hundreds of customer email addresses to each other. And a ransomware took a US Maritime base offline for 30 hours.

Dallas County Attorney finally applied some common-sense, dropping charges against two Coalfire Red Teamers. The two Coalfire employees had been arrested on 11th September 2019 while conducting a physical penetration test of the Dallas County courthouse. The Perry News quoted a police report which said upon arrest the two men stated, “they were contracted to break into the building for Iowa courts to check the security of the building". After the charges were dropped at the end of January Coalfire CEO Tom McAndrew said, 'With positive lessons learned, a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement”. Adding “We’re grateful to the global security community for their support throughout this experience.”


BLOG
NEWS
VULNERABILITIES AND SECURITY UPDATES
AWARENESS, EDUCATION AND THREAT INTELLIGENCE

Intel processor constraint to continue in 2020, says HPE

Hewlett Packard Enterprise has warned the industry to brace for an Intel processor shortage throughout 2020, specifically the Intel Cascade Lake server processors. After issuing a statement to The Register earlier this week, HPE’s Canadian division provided IT World Canada with a similar message: “HPE is experiencing a constraint on certain processors. There are other processors…

CES 2020: Intel shows off Tiger Lake processors with ‘double-digit performance gains’ and new graphics

At the Intel CES 2020 conference on Jan. 6th, Intel gave a glimpse of its Tiger Lake processor, the next-gen processor that will succeed Ice Lake launched just last year.

Tiger Lake will be manufactured on 10nm+, a refined version of Intel’s current 10nm transistors. The more pluses there are behind the node’s name, the more mature the transistor process. Improved manufacturing processes usually bring better energy efficiency and higher transistor density. For example, Intel’s Coffee Lake processors are manufactured using its 14nm++ transistors.

Also:

Intel Tiger Lake, NUC, Comet Lake-H sneak peek


Through fine-tuning the architecture, Intel promised that Tiger Lake will bring “double-digit performance gains” over Ice Lake. In addition, it will be updated with a next-generation AI engine and even more robust integrated graphics based on its new Xe graphics architecture.

The press conference heavily underscored the importance and utility of AI for professional creatives. Tools like Tapaz can sharpen blurry photos automatically; Adobe Photoshop and Premier can also take advantage of Intel’s AI engine to make better object selections and dynamic subject trimming in videos.

Gregory Bryant, executive vice-president of Intel computing group, shows off a tiny motherboard designed for Tiger Lake. Photo by Tom Li.

To demonstrate its graphics performance, Intel showed a Tiger Lake equipped laptop running several popular videogames at consistent 60 frames per second at 1080p resolution.

Tiger Lake will support Thunderbolt 4 and Wi-Fi 6.

Intel supplemented the Tiger Lake news by showing off a motherboard almost as small as a smartphone. While the company didn’t announce where such a concept would be used, it can enable more computing power in ultra-compact systems such as the Intel NUC.

Tiger Lake is expected to arrive later this year.

 

Plundervolt! A new Intel Processor ‘undervolting’ Vulnerability

Researchers at the University of Birmingham have identified a weakness in Intel’s processors: by 'undervolting' the CPU, Intel’s secure enclave technology becomes vulnerable to attack.
A little bit of undervolting can cause a lot of problems

Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed – known as ‘undervolting’ or ‘overvolting’. This is done through privileged software interfaces, such as a “model-specific register” in Intel Core processors.

An international team of researchers from the University of Birmingham’s School of Computer Science along with researchers from imec-DistriNet (KU Leuven) and Graz University of Technology has been investigating how these interfaces can be exploited in Intel Core processors to undermine the system’s security in a project called Plundervolt.

Results released today and accepted to IEEE Security & Privacy 2020, show how the team was able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations – a method used to shield sensitive computations for example from malware. This means that even Intel SGX's memory encryption and authentication technology cannot protect against Plundervolt.

Intel has already responded to the security threat by supplying a microcode update to mitigate Plundervolt. The vulnerability has a CVSS base score of 7.9. high under CVE-2019-11157.
David Oswald, Senior Lecturer in Computer Security at the University of Birmingham, says: “To our knowledge, the weakness we’ve uncovered will only affect the security of SGX enclaves. Intel responded swiftly to the threat and users can protect their SGX enclaves by downloading Intel’s update.”