Login

Register

Login

Register

#cybersecurity | hacker | Intel flaw impacts most new Intel chipsets


A vulnerability
was found in most of the Intel chipsets released
in the last five years that could allow an attacker to extract the chipset key
stored on the PCH microchip and obtain access to data encrypted with the key.

The issue, CVE-2019-0090,
was found by Positive Technologies and resides in the Intel Converged Security
and Management Engine. Positive Technologies has informed Intel of the problem.

The company said any breach
utilizing the vulnerability would be impossible to spot and once an attacker used
it to gain entry he could decrypt data stored on the target computer or even
forge its Enhanced Privacy ID attestation, which is used in digital rights
management, financial transactions and when working with IoT devices. Additionally,
this would enable attackers to pass off their computer as the victim’s.

“Attackers can exploit the
vulnerability on their own computers to bypass content DRM and make illegal
copies. In ROM, this vulnerability also allows for arbitrary code execution at
the zero level of privilege of Intel CSME. No firmware updates can fix the
vulnerability,” Positive Technologies reported.

Instead, Intel
recommends those using Intel CSME, SPS, TXE, DAL and AMT contact their device
or motherboard manufacturer for microchip or BIOS updates to address the
vulnerability. However, even these measures will not fully fix the problem.

“Positive
Technologies experts recommend disabling Intel CSME based encryption of data
storage devices or considering migration to tenth-generation or later Intel
CPUs,” the company said.



Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW