Intel Tiger Lake CPUs to come with Anti-Malware Protection



Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks.

Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology (CET), which aims to protect against common malware attacks.

CET protects against attacks on a processor’s control flow, that is, the order in which function calls and returns are executed. Attackers have long targeted control flow by hijacking a process and redirecting the instructions it executes, which could allow them to run arbitrary code on victims’ systems.

“Intel CET delivers CPU-level security capabilities to help protect against common malware attack methods that have been a challenge to mitigate with software alone,” said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives with Intel, in a Monday post. “These types of attack methods are part of a class of malware referred to as memory-safety issues, and include tactics such as the corruption of stack buffer overflow and use-after-free.”

Intel’s upcoming Tiger Lake CPUs (which were first announced in January) are the first to come equipped with Intel CET, which will battle control-flow hijacking attacks by adding two types of protection.

The first is Indirect Branch Tracking (IBT), which defends against call-oriented programming and jump-oriented programming (COP and JOP). These code-reuse attacks work by locating short code sequences that end in indirect call or jump instructions and chaining them in a specific order to execute the attacker’s payload. IBT counters this with a new instruction, ENDBRANCH, which marks the valid targets of indirect calls and jumps so the processor can detect control-flow violations.

The second protection is shadow stack (SS). Shadow stack helps to defend against return-oriented programming (ROP) attacks. These types of attacks center around return instructions in a control flow, which are intended to fetch the address of the next instruction from the stack, and execute instructions from that address. In ROP attacks, an attacker abuses these return instructions to stitch together a malicious code flow.

The shadow stack (separate from the data stack) prevents this by adding return-address protection. When shadow stacks are enabled, the CALL instruction pushes the return address onto both the data stack and the shadow stack, and the return instruction checks that the two copies match before control is transferred.
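To make the two mechanisms concrete, here is a small simulation added for this write-up (not Intel code and not the real ISA): a toy CPU keeps a data stack and a shadow stack, its RET compares the two copies of the return address, and an indirect jump must land on an ENDBRANCH marker. The hypothetical `run` function reports which check catches a return address that has been overwritten on the data stack.

```c
#include <stdbool.h>

/* Toy model of the two CET checks described above (IBT and shadow stack);
 * an added illustration for the reader, not Intel's ISA or microarchitecture. */
enum { OP_NOP, OP_ENDBR, OP_CALL, OP_RET, OP_IJMP, OP_HALT };     /* opcodes  */
enum { OK, FAULT_SHADOW_MISMATCH, FAULT_NO_ENDBRANCH, ERR_CRASH }; /* outcomes */
typedef struct { int op, arg; } insn_t;
#define STACK_MAX 16

/* Run prog from index 0; ibt/shstk switch the two checks on. If clobber_ret
 * >= 0, the return address on the DATA stack is overwritten with that value
 * right after the first CALL, standing in for a stack-buffer overflow; the
 * shadow-stack copy is out of reach of ordinary memory writes and stays intact. */
int run(const insn_t *prog, int nprog, bool ibt, bool shstk, int clobber_ret)
{
    int data[STACK_MAX], shadow[STACK_MAX], dsp = 0, ssp = 0, pc = 0;
    bool clobbered = false;
    for (int steps = 0; steps < 1000; steps++) {
        if (pc < 0 || pc >= nprog) return ERR_CRASH;
        insn_t in = prog[pc];
        switch (in.op) {
        case OP_CALL:
            if (dsp >= STACK_MAX) return ERR_CRASH;
            data[dsp++] = pc + 1;          /* return address on the data stack ... */
            shadow[ssp++] = pc + 1;        /* ... and on the shadow stack          */
            pc = in.arg;
            if (clobber_ret >= 0 && !clobbered) { data[dsp - 1] = clobber_ret; clobbered = true; }
            break;
        case OP_RET:
            if (dsp == 0) return ERR_CRASH;
            dsp--; ssp--;
            /* shadow stack: RET faults unless both copies of the address agree */
            if (shstk && data[dsp] != shadow[ssp]) return FAULT_SHADOW_MISMATCH;
            pc = data[dsp];                /* without CET the attacker's value wins */
            break;
        case OP_IJMP:
            pc = in.arg;
            /* IBT: an indirect branch must land on an ENDBRANCH marker */
            if (ibt && (pc < 0 || pc >= nprog || prog[pc].op != OP_ENDBR))
                return FAULT_NO_ENDBRANCH;
            break;
        case OP_HALT:
            return OK;
        default:                           /* NOP and ENDBRANCH just fall through */
            pc++;
        }
    }
    return ERR_CRASH;
}
/* Constructed program: a call whose return address gets redirected to
 * index 2, a jump into the function body that skips its ENDBRANCH. */
static const insn_t PROG[] = {
    {OP_CALL, 3},   /* 0: call the function at 3                 */
    {OP_HALT, 0},   /* 1: the only legitimate return point       */
    {OP_IJMP, 4},   /* 2: diverted path: jump past the ENDBRANCH */
    {OP_ENDBR, 0},  /* 3: function entry, a valid branch target  */
    {OP_RET, 0},    /* 4: return to caller                       */
};
#define NPROG ((int)(sizeof PROG / sizeof PROG[0]))
```

With both checks enabled the overwritten return address is caught at RET; with only IBT enabled it is caught one step later, when the diverted flow jumps past the ENDBRANCH; with neither, the hijacked flow runs until it crashes.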

“JOP or ROP attacks can be particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behavior,” Baiju Patel, fellow with Intel’s client computing group, said. “What makes it hard to detect or prevent ROP/JOP is the fact that attacker uses existing code running from executable memory. Many software-based detection and prevention techniques have been developed and deployed with limited success.”

Intel published the first specification of CET in 2016. Various software makers have added support for the technology into their products, including Microsoft in its Hardware-enforced Stack Protection for Windows.

While CET is launching on Intel’s mobile lineup, the technology will soon be available on desktop and server platforms, according to Garrison. The chip giant is now preparing for volume production of its Tiger Lake chipset and expects to begin shipping the processors to OEMs mid-year.


Source: Threatpost

Lamphone attack recovers secretive conversations via hanging light bulb

Lamphone attack allowed researchers to recover conversations from a distance of 25 meters (82 feet).



Earlier this year it was reported that hackers can exploit a critical vulnerability in Philips smart light bulbs to spread malware. Now, scientists at the Ben-Gurion University of the Negev, Israel, and Weizmann Institute of Science have identified that it is possible to use a light bulb’s vibration patterns and evaluate the amount of light emitted to spy on secret conversations from a remote location.

The spying can be conducted simply by observing a hanging light bulb visible from a window in the room. 

Scientists Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici, and Boris Zadov claim that the hanging bulb is the key to the attack, which they have dubbed “Lamphone,” because the bulb serves as both a diaphragm and a transducer.

This means a hanging light bulb can be used by secret agents and spies to eavesdrop on confidential conversations by detecting the bulb’s vibrations, which result from the naturally occurring air-pressure fluctuations produced when sound waves hit its surface. By measuring the changes in the hanging bulb’s light output, snippets of conversation, and even music, can be picked up.

The researchers based their work on the principle that objects vibrate when sound waves hit their surface. They used a setup comprising a telescope, to get a close-up view of the room where the light bulb was present, and an electro-optical sensor mounted on the telescope.

The purpose of the sensor was to convert the incoming light into an electrical current, which was then digitized so the analog light variations could be processed as a digital signal.



Furthermore, using a laptop, the researchers could process the incoming optical signals and recover the sound. With sufficiently sensitive sensors, the researchers noted, it was possible to record the light variations, and the sound waves hitting the light bulb could be reverse engineered to retrieve the audio.

However, the Lamphone technique has its fair share of limitations. For instance, an attacker would require a direct line of sight to the light bulb, and bulbs that are decorated with covers or other materials cannot be targeted.

Similarly, conversations in windowless rooms cannot be spied upon, and for the attack to succeed the conversation has to be very loud, or else the speaker has to be close to the light bulb.

In their experiments [PDF], the researchers were able to recover conversations from a distance of 25 meters, and they could recover both human conversation and room effects such as the music playing in the background.


The fact that their experiment was successful is alarming for many companies, as the technique can be used to spy on unsuspecting users by retrieving audio from objects that can act like a microphone. These include vibration devices, speakers, motion sensors, magnetic hard disk drives, and even wooden tables.


Source: HackRead

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police



Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments and pushing for federal laws to regulate the technology.

Microsoft is joining Amazon and IBM in halting the sale of facial recognition technology to police departments. In a statement released Thursday, Microsoft President Brad Smith said the ban would stay in place until federal laws regulating the technology’s use were enacted.

“We will not sell facial recognition tech to police in the U.S. until there is a national law in place… We must pursue a national law to govern facial recognition grounded in the protection of human rights,” Smith said during a virtual event hosted by the Washington Post.

On Wednesday, Amazon announced a one-year ban on police departments using its facial recognition technology. In a short statement the company said it would be pushing for “stronger regulations to govern the ethical use of facial recognition technology.”

The actions by both tech behemoths dovetail with IBM’s announcement earlier this week. In a statement, IBM’s new CEO Arvind Krishna said the company will no longer offer general-purpose facial recognition or analysis software “for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency.”

Krishna’s statements were part of a letter to Congress where he advocated policy reviews such as “police reform, responsible use of technology, and broadening skills and educational opportunities.”

The moves align with a broader demand for law enforcement reform and calls for racial justice by social justice activists in the wake of the death of George Floyd at the hands of Minneapolis, Minnesota police and the weeks of protests that followed.

“It should not have taken the police killings of George Floyd, Breonna Taylor, and far too many other black people, hundreds of thousands of people taking to the streets, brutal law enforcement attacks against protesters and journalists, and the deployment of military-grade surveillance equipment on protests led by black activists for these companies to wake up to the everyday realities of police surveillance for black and brown communities,” said Matt Cagle, technology and civil liberties attorney with the American Civil Liberties Union of Northern California, in a statement to NBC News this week.


Source: Threatpost

Android WARNING: Terrifying malware discovered on Google Play Store

Android users are being warned about a scary strain of malware discovered in Google Play Store apps.

Android is one of the most widely used pieces of software, with over two billion devices running the Google mobile OS each and every month.

And now Android users are being warned once again about a strain of malware discovered on Google Play Store apps.

Security researchers discovered a dangerous strain of malware on almost 25 apps on the Google Play Store.

The malware was dubbed Exodus and has some terrifying functionality: it is capable of rooting devices and boasts advanced spying features.

Not only was Exodus capable of gathering phone numbers and sending them to external servers, it could severely compromise a device after rooting it.

On rooted phones, Exodus was capable of extracting passwords, chat logs and contact details, as well as creating local audio and video recordings.

To root devices Exodus used an exploit called DirtyCOW, which was patched by Google in 2016.

So any recently updated phone is thankfully immune to the rooting step, with Exodus then limited to gathering the data available to ordinary apps.

The existence of Exodus was revealed in a post online after an investigation by Security Without Borders and Motherboard.

After the Exodus discovery last month it’s been revealed that Exodus has also made its way onto iOS devices.

The malware was circulated via phishing sites after the Apple Developer Enterprise programme was “abused”.

In a post online, IT security firm Lookout said: “For the past year, Lookout researchers have been tracking Android and iOS surveillanceware that can exfiltrate contacts, audio recordings, photos, location, and more from devices.

“As has been previously reported, some versions of the Android malware were present in the Google Play Store.

“The iOS versions were available outside the app store, through phishing sites, and abused the Apple Developer Enterprise programme.”

Apple has been informed by Lookout and has addressed the issue, so as long as a user’s iPhone is up to date they will be safe.

Google has also removed the almost 25 apps found on the Google Play Store that carried the Exodus malware.

Source: expressUK

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

Close to one year after the launch of the next-generation Wi-Fi security standard WPA3, researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of a Wi-Fi network.

WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.

The Wi-Fi Protected Access III (WPA3) protocol was launched in an attempt to address, from the ground up, the technical shortcomings of the WPA2 protocol, which has long been considered insecure and was found vulnerable to KRACK (Key Reinstallation Attack).

Though WPA3 relies on a more secure handshake, known as Dragonfly, that aims to protect Wi-Fi networks against offline dictionary attacks, security researchers Mathy Vanhoef and Eyal Ronen found weaknesses in the early implementation of WPA3-Personal, allowing an attacker to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

"Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on," the researchers say.

Vulnerabilities in WPA3 — Hacking WiFi Password


In a research paper, dubbed DragonBlood, published today, the researchers detailed two types of design flaws in WPA3: the first leads to downgrade attacks and the second to side-channel leaks.

Since the 15-year-old WPA2 protocol has been widely used by billions of devices, widespread adoption of WPA3 won't happen overnight. To support old devices, WPA3 Certified devices offer a "transitional mode of operation" that can be configured to accept connections using both WPA3-SAE and WPA2.

The researchers found that the transitional mode is vulnerable to downgrade attacks, which attackers can abuse by setting up a rogue AP that only supports WPA2, forcing WPA3-capable devices to connect using WPA2’s insecure 4-way handshake.

"We also discovered a downgrade attack against SAE [Simultaneous Authentication of Equals handshake, commonly known as Dragonfly] itself, where we can force a device into using a weaker elliptic curve than it normally would use," the researchers say.


Moreover, a man-in-the-middle position is not needed to carry out the downgrade attack. Instead, attackers only need to know the SSID of the WPA3-SAE network.


The researchers also detail two side-channel attacks, cache-based (CVE-2019-9494) and timing-based (CVE-2019-9494), against Dragonfly's password encoding method that could allow attackers to perform a password partitioning attack, similar to an offline dictionary attack, to obtain the Wi-Fi password.

"For our password partitioning attack, we need to record several handshakes with different MAC addresses. We can get handshakes with different MAC addresses by targeting multiple clients in the same network (e.g. convince multiple users to download the same malicious application). If we are only able to attack one client, we can set up rogue APs with the same SSID but a spoofed MAC address."


Besides these, the duo also documented a Denial of Service attack that can be launched by overloading an "AP by initiating a large amount of handshakes with a WPA3-enabled Access Point," bypassing SAE's anti-clogging mechanism that is supposed to prevent DoS attacks.

Some of these vulnerabilities also affect devices using the EAP-pwd (Extensible Authentication Protocol-Password) protocol, which is also based on the Dragonfly password-authenticated key exchange method.

Head to the source link for more information: TheHackerNews

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack


Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated Critical and the rest rated Important in severity.


April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .NET Framework and ASP.NET, Skype for Business, Azure DevOps Server, Open Enclave SDK, Team Foundation Server, and Visual Studio.

None of the vulnerabilities addressed this month by the tech giant were disclosed publicly at the time of release, leaving the two recently disclosed zero-day flaws in Internet Explorer and Edge browsers still open for hackers.

However, two new privilege escalation vulnerabilities, which affect all supported versions of the Windows operating system, have been reported as being actively exploited in the wild.

Both rated as Important, the flaws (CVE-2019-0803 and CVE-2019-0859) reside in the Win32k component of the Windows operating system and could be exploited by attackers to run arbitrary code in kernel mode on a targeted computer.

Just last month Microsoft patched two similar vulnerabilities in the Win32k component that were also being exploited in targeted attacks by several threat actors, including FruityArmor and SandCat.

Besides this, Microsoft also released updates to patch 13 critical vulnerabilities; as expected, all of the critical-rated vulnerabilities lead to remote code execution, except one elevation of privilege in Windows Server Message Block (SMB) Server.

All critical vulnerabilities primarily impact various versions of Windows 10 operating system and Server editions and reside in ChakraCore Scripting Engine, Microsoft XML Core Services, SMB Server, Windows IOleCvt Interface, and Windows Graphics Device Interface (GDI).

Many important-rated vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, information disclosure, cross-site scripting (XSS), spoofing and denial of service attacks.

Users and system administrators are strongly advised to apply the latest security patches as soon as possible to prevent cybercriminals from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.

To address problematic updates on Windows 10 devices, Microsoft last month also introduced a safety measure that automatically uninstalls a buggy update if the OS detects a startup failure after it was installed.

Adobe also rolled out security updates today to fix 40 security vulnerabilities in several of its products. Users of the affected Adobe software for Windows, macOS, Linux, and Chrome OS are advised to update their software packages to the latest versions.

Source

WikiLeaks Founder Julian Assange Arrested


WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London—that's almost seven years after he took refuge in the embassy to avoid extradition to Sweden over a sexual assault case.


According to a short note released by London's Metropolitan Police Service, Assange was arrested immediately after the Ecuadorian government withdrew his political asylum today.

Assange has now been taken into custody at a central London police station, from where he will be presented before Westminster Magistrates' Court as soon as possible.

The U.S. Department of Justice also confirmed today that Assange would face extradition proceedings for his alleged role in "one of the largest compromises of classified information in the history of the United States."

The indictment [unsealed today] alleges that in March 2010, Assange engaged in a conspiracy with Chelsea Manning, a former intelligence analyst in the U.S. Army, to assist Manning in cracking a password stored on U.S. Department of Defense computers connected to the Secret Internet Protocol Network (SIPRNet), a U.S. government network used for classified documents and communications.

Following his arrest on Thursday, Ecuadorian President Lenín Moreno tweeted, "In a sovereign decision, Ecuador withdrew the asylum status to Julian Assange after his repeated violations to international conventions and daily-life protocols."

However, WikiLeaks said Ecuador had acted illegally in terminating Mr Assange's political asylum "in violation of international law."

For more information head to the source link: TheHackerNews