Sunday, March 7, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

January 29, 2020
in Internet Privacy
New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Another month, another speculative execution vulnerability found in Intel processors.

If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel’s secured SGX enclave.

You might also like

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

Dubbed CacheOut a.k.a. L1 Data Eviction Sampling (L1DES) and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU’s L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.

According to a team of academic researchers, the newly-discovered speculative execution attacks can leak information across multiple security boundaries, including those between hyper-threads, virtual machines, and processes, and between user space and the operating system kernel, and from SGX enclaves.

“CacheOut can leak information from other processes running on the same thread, or across threads on the same CPU core,” the researchers said. “CacheOut violates the operating system’s privacy by extracting information from it that facilitates other attacks, such as buffer overflow attacks.”

More precisely, the attack enables a malicious program to force the victim’s data out of the L1-D Cache into leaky buffers after the operating system clears them, and then subsequently leak the contents of the buffers and obtain the victim’s data.

intel processors

Researchers at the universities of Adelaide and Michigan demonstrated:

  • the effectiveness of CacheOut in violating process isolation by recovering AES keys and plaintexts from an OpenSSL-based victim,
  • practical exploits for completely de-randomizing Linux’s kernel ASLR, and for recovering secret stack canaries from the Linux kernel,
  • how CacheOut effectively violates the isolation between two virtual machines running on the same physical core,
  • how CacheOut could also be used to breach the confidentiality SGX guarantees by reading out the contents of a secure enclave,
  • how some of the latest Meltdown-resistant Intel CPUs are still vulnerable, despite all of the most recent patches and mitigations.

Besides this, according to researchers, it’s currently unlikely for Antivirus products to detect and block CacheOut attacks, and since the exploit does not leave any traces in the traditional log file, it’s also “very unlikely” to identify whether someone has exploited the flaw or not.

To be noted, CacheOut flaw can’t be exploited remotely from a web browser and also doesn’t affect AMD processors.

Based on researchers findings, Intel yesterday released new microcode updates for affected processors that eventually turns off Transactional Memory Extension (TSX) on the CPUs.

“Software [update] can mitigate these issues at the cost of features and/or performance. We hope that somewhere in the future, Intel will release processors with in-silicon fixes against this issue,” the researchers said.

Though most cloud providers have rolled out patches to their infrastructures, other users can also mitigate the cross-thread leakage by disabling Intel hyper-threading for systems where security is more important.

Furthermore, neither Intel nor the researchers have released exploit code, which indicates there’s no direct and immediate threat.


Credit: The Hacker News By: noreply@blogger.com (Unknown)

Previous Post

Top 8 Google AI Tools

Next Post

Charge anywhere safely with the SyncStop USB Condom

Related Posts

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Internet Privacy

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

March 6, 2021
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Internet Privacy

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

March 6, 2021
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Internet Privacy

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

March 6, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Internet Privacy

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

March 5, 2021
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
Internet Privacy

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

March 5, 2021
Next Post
Charge anywhere safely with the SyncStop USB Condom

Charge anywhere safely with the SyncStop USB Condom

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Why do Machine Learning strategies fail and how to deal with them?
Machine Learning

Why do Machine Learning strategies fail and how to deal with them?

March 7, 2021
Linux distributions: All the talent and hard work that goes into building a good one
Internet Security

Linux distributions: All the talent and hard work that goes into building a good one

March 7, 2021
Enhance your gaming experience with this sound algorithm software
Machine Learning

Enhance your gaming experience with this sound algorithm software

March 7, 2021
Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool
Internet Security

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

March 7, 2021
How Optimizing MLOps can Revolutionize Enterprise AI
Machine Learning

How Optimizing MLOps can Revolutionize Enterprise AI

March 6, 2021
Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Why do Machine Learning strategies fail and how to deal with them? March 7, 2021
  • Linux distributions: All the talent and hard work that goes into building a good one March 7, 2021
  • Enhance your gaming experience with this sound algorithm software March 7, 2021
  • Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool March 7, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates