phone

    • chevron_right

      “Downfall” bug affects years of Intel CPUs, can leak encryption keys and more

      news.movim.eu / ArsTechnica · Wednesday, 9 August, 2023 - 19:12

    An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug.

    Enlarge / An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug. (credit: Mark Walton)

    It's a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the newest AMD CPUs. " Downfall " and " Inception " (respectively) are different bugs, but both involve modern processors' extensive use of speculative execution (a la the original Meltdown and Spectre bugs ), both are described as being of "medium" severity, and both can be patched either with OS-level microcode updates or firmware updates with fixes incorporated.

    AMD and Intel have both already released OS-level microcode software updates to address both issues. Both companies have also said that they're not aware of any active in-the-wild exploits of either vulnerability. Consumer, workstation, and server CPUs are all affected, making patching particularly important for server administrators.

    It will be up to your PC, server, or motherboard manufacturer to release firmware updates with the fixes after Intel and AMD make them available.

    Read 13 remaining paragraphs | Comments

    • chevron_right

      Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1

      news.movim.eu / ArsTechnica · Friday, 21 July, 2023 - 18:51

    Cartoon image of a desktop computer under attack from viruses.

    Enlarge (credit: Aurich Lawson / Ars Technica )

    Organizations that have yet to patch a 9.8-severity vulnerability in network devices made by Zyxel have emerged as public nuisance No. 1 as a sizable number of them continue to be exploited and wrangled into botnets that wage DDoS attacks.

    Zyxel patched the flaw on April 25. Five weeks later, Shadowserver, an organization that monitors Internet threats in real time, warned that many Zyxel firewalls and VPN servers had been compromised in attacks that showed no signs of stopping. The Shadowserver assessment at the time was: “If you have a vulnerable device exposed, assume compromise .”

    On Wednesday—12 weeks since Zyxel delivered a patch and seven weeks since Shadowserver sounded the alarm—security firm Fortinet published research reporting a surge in exploit activity being carried out by multiple threat actors in recent weeks. As was the case with the active compromises Shadowserver reported, the attacks came overwhelmingly from variants based on Mirai, an open source application hackers use to identify and exploit common vulnerabilities in routers and other Internet of Things devices.

    Read 8 remaining paragraphs | Comments

    • chevron_right

      Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns

      news.movim.eu / ArsTechnica · Tuesday, 18 July, 2023 - 20:22

    Photograph depicts a security scanner extracting virus from a string of binary code. Hand with the word "exploit"

    Enlarge (credit: Getty Images)

    Organizations big and small are once again scrambling to patch critical vulnerabilities that are already under active exploitation and cause the kind of breaches coveted by ransomware actors and nation-state spies.

    The exploited vulnerabilities—one in Adobe ColdFusion and the other in various Citrix NetScaler products—allow for the remote execution of malicious code. Citrix on Tuesday patched the vulnerabilities, but not before threat actors exploited them . The most critical vulnerability, tracked as CVE-2023-3519, lurks in Citrix’s NetScaler ADC and NetScaler Gateway products. It carries a severity rating of 9.8 out of a possible 10 because it allows hackers to execute code remotely with no authentication required.

    “This product line is a popular target for attackers of all skill levels, and we expect that exploitation will increase quickly,” researchers from Rapid7, the security firm that detected the attacks, warned Tuesday .

    Read 7 remaining paragraphs | Comments

    • chevron_right

      Critical Windows code-execution vulnerability went undetected until now

      news.movim.eu / ArsTechnica · Monday, 19 December, 2022 - 18:46

    Skull and crossbones in binary code

    Enlarge (credit: Getty Images )

    Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.

    Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.

    But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.

    Read 6 remaining paragraphs | Comments

    • chevron_right

      OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high”

      news.movim.eu / ArsTechnica · Tuesday, 1 November, 2022 - 18:05 · 1 minute

    The fallout of an OpenSSL vulnerability, initially listed as "critical," should be much less severe than that of the last critical OpenSSL bug, Heartbleed.

    Enlarge / The fallout of an OpenSSL vulnerability, initially listed as "critical," should be much less severe than that of the last critical OpenSSL bug, Heartbleed.

    An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched . It ultimately arrived as a "high" security fix for a buffer overflow, one that affects all OpenSSL 3.x installations, but is unlikely to lead to remote code execution.

    OpenSSL version 3.0.7 was announced last week as a critical security fix release. The specific vulnerabilities (now CVE-2022-37786 and CVE-2022-3602 ) had been largely unknown until today, but analysts and businesses in the web security field hinted there could be notable problems and maintenance pain. Some Linux distributions, including Fedora , held up releases until the patch was available. Distribution giant Akamai noted before the patch that half of their monitored networks had at least one machine with a vulnerable OpenSSL 3.x instance, and among those networks, between 0.2 and 33 percent of machines were vulnerable.

    But the specific vulnerabilities—limited-circumstance, client-side overflows that are mitigated by the stack layout on most modern platforms—are now patched, and rated as "High." And with OpenSSL 1.1.1 still in its long-term support phase, OpenSSL 3.x is not nearly as widespread.

    Read 6 remaining paragraphs | Comments