News

Intel adds security enhancements to vPro line

Read Time:51 Second

Intel pulled the wraps off its latest vPro platform powered by its 12th Gen Core processors last week. The platform contains security enhancements including:

Threat Detection Technology (TDT), a hardware-based way to detect ransomware in an efficient and timely manner

Anomalous behavior detection to identify living-off-the-land and supply chain attacks

Silicon-based capabilities that support the next wave of expected operating system virtualization and chipset enhancements with fault injection to help prevent malicious code injections

Threat Detection Technology uses machine learning

Two companies immediately announcing their support of the platform were ESET and ConnectWise. “Using Intel’s TDT, the detection of malware execution—including malicious encryption—is assisted through the use of machine-learning heuristics on suspicious patterns sourced directly from the CPU performance monitoring unit,” Előd Kironský, ESET’s chief of endpoint solutions and security technologies, explained in an interview. “The suspicious activity is shared with the ESET endpoint security solution, which then remediates the threat.”

To read this article in full, please click here

Read More

News

Forcepoint ONE simplifies your security

Read Time:19 Second

Graham Cluley Security News is sponsored this week by the folks at Forcepoint. Thanks to the great team there for their support! Remember when you thought an antivirus was all you needed to keep safe from digital danger? Of course, cybersecurity has never truly been that simple. As cyberthreats and business operations have grown more … Continue reading “Forcepoint ONE simplifies your security”

Read More

Advisories

USN-5300-3: PHP vulnerabilities

Read Time:33 Second

USN-5300-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 21.10.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

Read More

News

Hacking Alexa through Alexa’s Speech

Read Time:58 Second

An Alexa can respond to voice commands it issues. This can be exploited:

The attack works by using the device’s speaker to issue voice commands. As long as the speech contains the device wake word (usually “Alexa” or “Echo”) followed by a permissible command, the Echo will carry it out, researchers from Royal Holloway University in London and Italy’s University of Catania found. Even when devices require verbal confirmation before executing sensitive commands, it’s trivial to bypass the measure by adding the word “yes” about six seconds after issuing the command. Attackers can also exploit what the researchers call the “FVV,” or full voice vulnerability, which allows Echos to make self-issued commands without temporarily reducing the device volume.

It does require proximate access, though, at least to set the attack up:

It requires only a few seconds of proximity to a vulnerable device while it’s turned on so an attacker can utter a voice command instructing it to pair with an attacker’s Bluetooth-enabled device. As long as the device remains within radio range of the Echo, the attacker will be able to issue commands.

Research paper.

Read More

News

Researchers find new way to neutralize side-channel memory attacks

Read Time:30 Second

Researchers at the Massachusetts Institute of Technology have discovered a way to foil memory-timing side-channel attacks that’s more efficient than other methods. The attacks can be used to steal secrets such as cryptographic keys or user passwords stored in a computer’s memory.

According to a report by the researchers, the attacks are enabled by shared computer resources. “Through these shared resources, an attacker can seek out even very fine-grained information,” Mengjia Yan, an assistant professor in the electrical engineering and computer science department at MIT, said in a statement.

To read this article in full, please click here

Read More

Advisories

Multiple Vulnerabilities in Mozilla Firefox and Could Allow for Remote Code Execution

Read Time:36 Second

Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for remote code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Advisories

USN-5313-1: OpenJDK vulnerabilities

Read Time:1 Minute, 57 Second

It was discovered that OpenJDK incorrectly handled deserialization filters.
An attacker could possibly use this issue to insert, delete or obtain
sensitive information. (CVE-2022-21248)

It was discovered that OpenJDK incorrectly read uncompressed TIFF files.
An attacker could possibly use this issue to cause a denial of service via
a specially crafted TIFF file. (CVE-2022-21277)

Jonni Passki discovered that OpenJDK incorrectly verified access
restrictions when performing URI resolution. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2022-21282)

It was discovered that OpenJDK incorrectly handled certain regular
expressions in the Pattern class implementation. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21283)

It was discovered that OpenJDK incorrectly handled specially crafted Java
class files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-21291)

Markus Loewe discovered that OpenJDK incorrectly validated attributes
during object deserialization. An attacker could possibly use this issue
to cause a denial of service. (CVE-2022-21293, CVE-2022-21294)

Dan Rabe discovered that OpenJDK incorrectly verified access permissions
in the JAXP component. An attacker could possibly use this to specially
craft an XML file to obtain sensitive information. (CVE-2022-21296)

It was discovered that OpenJDK incorrectly handled XML entities. An
attacker could use this to specially craft an XML file that, when parsed,
would possibly cause a denial of service. (CVE-2022-21299)

Zhiqiang Zang discovered that OpenJDK incorrectly handled array indexes.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2022-21305)

It was discovered that OpenJDK incorrectly read very long attributes
values in JAR file manifests. An attacker could possibly use this to
specially craft JAR file to cause a denial of service. (CVE-2022-21340)

It was discovered that OpenJDK incorrectly validated input from serialized
streams. An attacker cold possibly use this issue to bypass sandbox
restrictions. (CVE-2022-21341)

Fabian Meumertzheim discovered that OpenJDK incorrectly handled certain
specially crafted BMP or TIFF files. An attacker could possibly use this
to cause a denial of service. (CVE-2022-21360, CVE-2022-21366)

It was discovered that an integer overflow could be triggered in OpenJDK
BMPImageReader class implementation. An attacker could possibly use this
to specially craft a BMP file to cause a denial of service.
(CVE-2022-21365)

Read More

News, Advisories and much more

Exit mobile version