Security News for the Week Ending March 13, 2020

9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.

Known as “Take A Way,” the new potential attack vectors leverage the L1 data (L1D) cache way predictor in AMD’s Bulldozer micro-architecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption. Source: The Hacker News

And… AMD is Not Alone This Week  – Intel has Unpatchable Flaw

And the “chip wars” continue.

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.

The flaw, if exploited (only theoretical this week) would allow hackers to extract the root encryption key in the Intel Mangement Engine – which is the same for all chips in a particular processor family.  That potentially would nullify all DRM and all whole disk encryption, among other things.  Source: The Hacker News

President Signs Bill To Help Rural Telecom Carriers Replace Chinese Equipment

The President signed the Secure and Trusted Communications Networks Act this week.  The bill mandates that US telecom carriers rip and replace any “suspect foreign network equipment”.  It requires the FCC to set up a compensation fund to help rural telecom carriers do this;  the bigger carriers are on their own – which will likely be reflected in your bill as a fee or surcharge.

Carriers have to provide a list of equipment and estimated costs to replace it by April 22.  Sometime after that, we will have a better estimate of the cost.

For some reason which is not clear to me, the bill will not cover the cost of replacing equipment purchased after August 14, 2018.  It appears that telcos do not need to replace new Chinese equipment.

The requests and status of replacement activities will be posted on the FCC’s website.

The law authorizes the FCC to spend $1 billion in this year’s budget to do this.

The bill also allows companies that won spectrum bids in the last auction to abandon their builds and get their money back for the spectrum if they determine that they can’t build out what they promised without using suspect gear.

It would also appear that if the telco buys or has bought Chinese gear without a government subsidy, they can continue to use it.  Source: Engadget

Microsoft Says: 99.9% of Compromised Accounts did NOT use Multi-Factor Authentication

Microsoft tracks 30 billion login events every day.

They say that roughly 0.5% of all accounts get compromised every month.  That translated to around 1.2 million accounts compromised in January.

THEY ALSO SAY THAT AROUND 99% OF ALL ATTACKS TARGET LEGACY PROTOCOLS, SO, IF THOSE PROTOCOLS CAN BE DISABLED AND MULTI-FACTOR AUTHENTICATION IS TURNED ON, SUCCESSFUL ATTACKS GO TO NEARLY ZERO.

THEY ALSO SAY THAT MULTI-FACTOR AUTHENTICATION BLOCKS 99.9% OF ALL ATTACKS.  Source: ZDNet

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code