Jun 20, 2024NewsroomFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer … [Read more...] about Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
intel
CrowdStrike and Intel Research to Advance Endpoint Security
At CrowdStrike, we are relentlessly researching and developing new technologies to outpace new and sophisticated threats, track adversaries’ behavior and stop breaches. As today’s adversaries continue to become faster and more advanced, the speed of enterprise detection and response is paramount. It is also a challenge for today’s organizations, which face mounting attack … [Read more...] about CrowdStrike and Intel Research to Advance Endpoint Security
New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
Dec 09, 2023NewsroomCyber Threat / Hardware Security Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called … [Read more...] about New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
CrowdStrike Named a Leader that “Delivers World-Class Threat Intel”
We’re excited to share that Forrester has named CrowdStrike a Leader in The Forrester Wave™: External Threat Intelligence Services Providers, Q3 2023. CrowdStrike received the highest ranking of all vendors in the Current Offering category, with the highest score possible in 16 criteria, surpassing all other vendors evaluated in the report. From the report: “CrowdStrike … [Read more...] about CrowdStrike Named a Leader that “Delivers World-Class Threat Intel”
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
Feb 11, 2023Ravie LakshmananThreat Response / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could … [Read more...] about CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics
New level unlocked. The next step for Kenna.VM users who are maturing their risk-based vulnerability management program is Kenna.VM Premier—and it’s live. The Cisco Kenna team is excited to release a new tier of the Kenna Security platform designed specifically for customers or prospects that have reached a point of maturity in which they can and want to do more with their … [Read more...] about Kenna.VM Premier: Accelerate Vulnerability Management with Cisco Talos Intel and Remediation Analytics
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to … [Read more...] about ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an … [Read more...] about New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs
How Exploit Intel Makes You Less Vulnerable
New research shows effective and efficient vulnerability management hinges on a key ingredient: exploit intel. The data arrives just in time. An expanding threat landscape In 2021, a record-breaking 20,130 Common Vulnerabilities and Exposures (CVEs) were published in the National Vulnerability Database. CVEs are exploding just as attackers are growing more sophisticated, … [Read more...] about How Exploit Intel Makes You Less Vulnerable
Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National … [Read more...] about Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique