![]() In December, Microsoft announced a partnership in which its Azure Cloud servers use EPYC processors. But this vulnerability affects only devices using AMD's EPYC secure processor. Like Ryzenfall, Fallout also lets attackers access protected data sections, including Credential Guard, CTS-Labs said. "The attack makes spreading through the network much easier." Fallout "The Windows Credential Guard is very effective at protecting passwords on a machine and not allowing them to spread around," Luk-Zilberman said. After infection, Master Key allows attackers to install malware on the secure processor itself, meaning they'd have complete control over what programs are allowed to run during the startup process. The Master Key vulnerability gets around this startup check by installing malware on the computer's BIOS, part of the computer's system that controls how it starts up. It uses your processor to check that nothing on your computer has been tampered with, and launches only trusted programs. When a device starts up, it typically goes through a "secure boot" process. Here's a breakdown of the reported flaws: Master Key CTS-Labs was founded in 2017, with no history in cybersecurity and six employees, according to its CFO. Guido also said CTS-Labs paid him the company's " week rate for the work." Reuters reported that CTS-Labs paid Trail of Bits about $16,000 for the review. Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.- Dan Guido March 13, 2018 "An attacker could sit there for years without ever being detected." ![]() "You're virtually undetectable when you're sitting in the secure processor," the CFO, who previously ran a hedge fund, NineWells Capital Partners, said of the flaws. All essentially allow an attacker to target the secure segment of a processor, which is crucial to protecting the sensitive information on your device. ![]() These new security vulnerabilities break down into four categories, according to CTS-Labs co-founder and Chief Financial Officer Yaron Luk-Zilberman. When the Meltdown and Spectre flaws were revealed in January, AMD said that because of design differences, its chips weren't affected. According to researcher Statista, 77 percent of computer processors are from Intel, while AMD accounts for 22 percent. The report of the vulnerabilities comes after the emergence of Meltdown and Spectre, security flaws in Intel and Arm chips, which affected a huge number of PCs dating back two decades. In response to an email about the disclaimer, CTS-Labs said it doesn't have "any investment (long or short) in Intel or AMD."
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |