We’ve all shared the frustration: software updates that are intended to make our applications run faster inadvertently end up doing just the opposite. These bugs, known in computer science as performance regressions, are time-consuming to fix, since locating software errors normally requires substantial human intervention. Schematic illustrating how Muzahid’s deep learning algorithm works. The algorithm is ready for anomaly detection after it is first trained on performance …
UK Gov agrees to 'limited' Huawei involvement within UK 5G
Ransomware targeting UK businesses continues to rear its ugly head in 2020; this time, global foreign exchange firm Travelex's operations were all brought to a shuddering halt after a major ransomware attack took down Travelex's IT systems. Travelex services impacted included their UK business, international websites, mobile apps, and white-labelled services for the likes of Tesco, Sainsbury's, Virgin Money, Barclays and RBS. The ransomware in question was named as Sodinokibi, with numerous media reports strongly suggesting the Sodinokibi ransomware infiltrated the Travelex network through unpatched vulnerable Pulse Secure VPN servers, which the National Cyber Security Centre had apparently previously detected and warned Travelex about many months earlier. There could be some truth in this, given the Sodinokibi ransomware is known to infect through remote access systems, including vulnerable Pulse Secure VPN servers. The cybercriminal group behind the attack, also known as Sodin and REvil, demanded £4.6 million in ransom payment, and had also claimed to have taken 5Gb of Travelex customer data. Travelex reported no customer data had been breached; however, its money exchange services remained offline for well over two weeks after reporting the incident, with the firm advising it expected most of its travel exchange services to be back operational by the end of January.
It seems every month I report a massive data breach due to the misconfiguration of a cloud server, but I never expected one of the leading global cloud providers, Microsoft, to be caught out by such a schoolboy error. Microsoft reported a database misconfiguration of their Elasticsearch servers exposed 250 million customer support records between 5th and 19th December 2019. Some of the non-redacted data exposed included customer email addresses; IP addresses; locations; descriptions of customer support claims and cases; Microsoft support agent emails; case numbers, resolutions and remarks; and confidential internal notes. It is not known if any unauthorised parties had accessed any of the leaked data.
The Dallas County Attorney finally applied some common sense, dropping charges against two Coalfire Red Teamers. The two Coalfire employees had been arrested on 11th September 2019 while conducting a physical penetration test of the Dallas County courthouse. The Perry News quoted a police report which said upon arrest the two men stated, “they were contracted to break into the building for Iowa courts to check the security of the building”. After the charges were dropped at the end of January, Coalfire CEO Tom McAndrew said, “With positive lessons learned, a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement”, adding, “We’re grateful to the global security community for their support throughout this experience.”
Hewlett Packard Enterprise has warned the industry to brace for an Intel processor shortage throughout 2020, specifically the Intel Cascade Lake server processors. After issuing a statement to The Register earlier this week, HPE’s Canadian division provided IT World Canada with a similar message: “HPE is experiencing a constraint on certain processors. There are other processors…
At the Intel CES 2020 conference on Jan. 6th, Intel gave a glimpse of its Tiger Lake processor, the next-gen processor that will succeed Ice Lake, launched just last year.
Tiger Lake will be manufactured on 10nm+, a refined version of Intel’s current 10nm transistors. The more pluses there are behind the node’s name, the more mature the transistor process. Improved manufacturing processes usually bring better energy efficiency and higher transistor density. For example, Intel’s Coffee Lake processors are manufactured using its 14nm++ transistors.
Through fine-tuning the architecture, Intel promised that Tiger Lake will bring “double-digit performance gains” over Ice Lake. In addition, it will be updated with a next-generation AI engine and even more robust integrated graphics based on its new Xe graphics architecture.
The press conference heavily underscored the importance and utility of AI for professional creatives. Tools like Topaz can sharpen blurry photos automatically; Adobe Photoshop and Premiere can also take advantage of Intel’s AI engine to make better object selections and dynamic subject trimming in videos.
To demonstrate its graphics performance, Intel showed a Tiger Lake-equipped laptop running several popular videogames at a consistent 60 frames per second at 1080p resolution.
Tiger Lake will support Thunderbolt 4 and Wi-Fi 6.
Intel supplemented the Tiger Lake news by showing off a motherboard almost as small as a smartphone. While the company didn’t announce where such a concept would be used, it can enable more computing power in ultra-compact systems such as the Intel NUC.
Researchers at the University of Birmingham have identified a weakness in Intel’s processors: by 'undervolting' the CPU, Intel’s secure enclave technology becomes vulnerable to attack.
A little bit of undervolting can cause a lot of problems
Modern processors are being pushed to perform faster than ever before – and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed – known as ‘undervolting’ or ‘overvolting’. This is done through privileged software interfaces, such as a “model-specific register” in Intel Core processors. An international team of researchers from the University of Birmingham’s School of Computer Science, along with researchers from imec-DistriNet (KU Leuven) and Graz University of Technology, has been investigating how these interfaces can be exploited in Intel Core processors to undermine the system’s security in a project called Plundervolt. Results released today, and accepted to IEEE Security & Privacy 2020, show how the team was able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations. Enclaves are a method used to shield sensitive computations, for example from malware. This means that even Intel SGX's memory encryption and authentication technology cannot protect against Plundervolt. Intel has already responded to the security threat by supplying a microcode update to mitigate Plundervolt. The vulnerability, tracked as CVE-2019-11157, has a CVSS base score of 7.9 (High).
Vulnerable processors are Intel 6th, 7th, 8th, 9th and 10th Generation Core Processors, Intel Xeon E3 v5 & v6, and Intel Xeon E-2100 & E-2200 families.
David Oswald, Senior Lecturer in Computer Security at the University of Birmingham, says: “To our knowledge, the weakness we’ve uncovered will only affect the security of SGX enclaves. Intel responded swiftly to the threat and users can protect their SGX enclaves by downloading Intel’s update.”