Sunday, March 7, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

New CrossTalk attack impacts Intel’s mobile, desktop, and server CPUs

June 10, 2020
in Internet Security
New CrossTalk attack impacts Intel’s mobile, desktop, and server CPUs
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Devin Spell

Academics from a university in the Netherlands have published details today about a new vulnerability in Intel processors.

The security bug, which they named CrossTalk, enables attacker-controlled code executing on one CPU core to leak sensitive data from other software running on a different core.

You might also like

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

Cyberattack shuts down online learning at 15 UK schools

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

The Vrije University’s Systems and Network Security Group (VUSec) says the CrossTalk vulnerability is another type of MDS (microarchitectural data sampling) attack.

MDS attacks target user data while in a “transient” state, as it’s being processed inside the CPU and its many data-caching systems.

More specifically, CrossTalk attacks data while it’s being processed by the CPU’s Line Fill Buffer (LBF), one of these aforementioned CPU cache systems.

According to the VUSec team, the LBF cache actually works with a previously undocumented memory “staging buffer” that is shared by all CPU cores.

crosstalk-scheme.png

Image: VUSec

In a demo video published today, the VUSec research team showed how they employed a CrossTalk attack to attack this undocumented staging buffer via the LBF cache, and leak data processed by apps on other cores (an Intel SGX key, in the example below).

The research team said they’ve been working with Intel on having the CrossTalk attack patched for the past 21 months, since September 2018.

The VUSec team said that patching this bug took more than the standard 90 days because of the complexity of the issue and because they initially didn’t thoroughly investigate the possibility of a cross-core leak.

In the meantime, Intel has already made significant changes to the hardware design of its CPUs, and most of its recent products are not vulnerable to this attack.

For all the older Intel CPU lines, the chipmaker has released today microcode (CPU firmware) updates to patch the CrossTalk vulnerability — which Intel refers to as “Special Register Buffer Data Sampling” or SRBDS (CVE-2020-0543, Intel-SA-00320).

“As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment,” Intel said in a blog post analyzing its June security updates.

A list of vulnerable Intel CPUs are listed on this page (check the SRBDS column in the table). The list includes CPU lines for embedded, mobile, desktop, and server products.

The VUSec team has also published proof-of-concept code and a technical paper and website on the CrossTalk attack. Intel has its own technical write-up, here.

Credit: Zdnet

Previous Post

Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities

Next Post

Marketing Leadership Skills to Influence Businesses

Related Posts

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool
Internet Security

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

March 7, 2021
Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Internet Security

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

March 6, 2021
$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud
Internet Security

$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud

March 6, 2021
These two unusual versions of ransomware tell us a lot about how attacks are evolving
Internet Security

These two unusual versions of ransomware tell us a lot about how attacks are evolving

March 6, 2021
Next Post
Marketing Leadership Skills to Influence Businesses

Marketing Leadership Skills to Influence Businesses

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool
Internet Security

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

March 7, 2021
How Optimizing MLOps can Revolutionize Enterprise AI
Machine Learning

How Optimizing MLOps can Revolutionize Enterprise AI

March 6, 2021
Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
Facebook enhances AI computer vision with SEER
Machine Learning

Facebook enhances AI computer vision with SEER

March 6, 2021
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Internet Security

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

March 6, 2021
Hands-on Guide to Interpret Machine Learning with SHAP –
Machine Learning

Hands-on Guide to Interpret Machine Learning with SHAP –

March 6, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool March 7, 2021
  • How Optimizing MLOps can Revolutionize Enterprise AI March 6, 2021
  • Cyberattack shuts down online learning at 15 UK schools March 6, 2021
  • Facebook enhances AI computer vision with SEER March 6, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates