dChan
ID: f784b5 Nov. 12, 2020, 9:17 a.m. No.11610289   🗄️.is 🔗kun

Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs.

 

When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.

 

Today, an international group of researchers from Graz University of Technology, CISPA Helmholtz Center for Information Security, and the University of Birmingham disclosed new Intel CPU side-channel vulnerabilities called Platypus.

 

These vulnerabilities reside in Intel's Running Average Power Limit (RAPL) interface, allowing users to monitor and manage the power consumption of supported CPUs and DRAM memory.

 

The researchers showed that they could use the RAPL interface to monitor power consumption and deduce what instructions were being performed by a CPU, allowing them to steal sensitive data from memory.

 

As a demonstration, the researchers released a video that illustrates how they can use the Platypus attack to steal an AES-NI key from protected Intel SGX enclaves.

 

https://www.bleepingcomputer.com/news/microsoft/windows-10-intel-microcode-released-to-fix-new-cpu-security-bugs/

ID: f784b5 Nov. 12, 2020, 9:22 a.m. No.11610375   🗄️.is 🔗kun   >>0397

Anonymous, insecurable networks like the Internet permit deniable attacks on civilians.

 

​A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom.

 

When modern ransomware was first introduced in 2012, we saw a new extortion attack where threat actors extort victims by encrypting their files and then demand a ransom to get a decryptor.

 

In November 2019, a new double-extortion strategy was adopted by ransomware gangs that involve hackers also stealing unencrypted files before encrypting devices. The attackers then threaten to release these stolen files on ransomware data leak sites if a ransom is not paid.

 

Since then, ransomware gangs have become media savvy, where they have post press releases or contact journalists to share their latest exploits to exert pressure on victims.

 

https://www.bleepingcomputer.com/news/security/ransomware-gang-hacks-facebook-account-to-run-extortion-ads/