The U.S. cybersecurity experts: It provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged or scanned.
It is dubbed Foreshadow and is a new category of side-channel cyber attacks on speculative execution in modern Intel processors
It is dubbed Foreshadow and is a new category of side-channel cyber attacks on speculative execution in modern Intel processors. It has been discovered by independent cyber security researchers. They are Jo Van Bulck, Frank Piessens, Raoul Strackx (imec-DistriNet, KU Leuven); Marina Minkin, Mark Silberstein (Technion), Ofir Weisse, Daniel Genkin, Baris Kasikci, Thomas F. Wenisch (University of Michigan), Yuval Yarom (University of Adelaide and CSIRO’s Data61). The new cyber threat is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory. Intel has confirmed the problem and published the list of processors affected by the new cyber attack.
What the side-channel cyber attacks are and how they. Attention, to improve the cyber security it is necessary to install the latest security updates from the manufacturers
According to the Italian CERT, the side-channel cyber attacks – including the Foreshadow – exploit implementation features of hardware and software components to obtain information normally not accessible, useful to compromise the security of a device or a system. For example, several known types of cyber side-channel attacks can use information regarding the execution time of a cryptographic algorithm to force the secrets used, to measure the energy consumption or electromagnetic emissions of a device. This is to extract useful information, take advantage of the architecture of a processor and the implementation of requests between the memory and the CPU, to obtain arbitrary access to the data in memory. In practice, to sneak into a system and take control of it. By the way, it is recommended to install any security updates for the processors, operating systems and applications just available from the respective manufacturers.