Alerts

A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs.

Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised.

TPM technology is used widely by billions of desktops, laptops, servers, smartphones, and even Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates.

Collectively dubbed TPM-Fail, both newly found vulnerabilities, listed below, leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips.

Read more »

This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant to attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).

Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data sampling (MDS) speculative execution vulnerabilities that affect Intel processor generations released from 2011 onwards.

The first variant of ZombieLoad is a Meltdown-type attack that targets the fill-buffer logic, allowing attackers to steal sensitive data not only from other applications and the operating system but also from virtual machines running in the cloud on shared hardware.

Read more »

A clever spam campaign is underway that pretends to be a WebEx meeting invite and uses a Cisco open redirect that pushes a Remote Access Trojan to the recipient. Using open redirects adds legitimacy to spam URLs and increases the chances that victims will click on a URL.

An open redirect is when a legitimate site allows unauthorized users to create URLs on that site that redirect visitors to any other site of their choosing. This allows an attacker to use the URL of a well-known and respected company to deliver malware or phishing campaigns.

For example, Google has an open redirect at the URL //www.google.com/url?q=[url] that can be used by anyone, including attackers, to redirect a visitor through Google’s site to another site.

You can see an example of Google’s open redirect with the following URL that ultimately redirects you to example.com: //www.google.com/url?q=//www.example.com.

By using these types of URLs, attackers can more easily trick victims into clicking on them.
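A defender-side check for both halves of this, as an added example that is not part of the original post: a validator a site can apply to its own redirect parameter so the target never leaves the site's host (it rejects the protocol-relative `//host` form used in the Google example above), and a scanner that flags links in incoming mail whose redirect parameter points off-site. The parameter names other than `q`, and the sample links, are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs, urljoin

# Query parameters commonly used to carry a redirect target. `q` is the one in
# the Google URL quoted above; the rest are an assumed, constructed list.
REDIRECT_PARAMS = ("q", "url", "redirect", "next", "goto")


def _absolute(link: str) -> str:
    """Give scheme-less links (as pasted in mail) a scheme so urlsplit sees a host."""
    if "://" in link:
        return link
    return ("https:" if link.startswith("//") else "https://") + link


def is_safe_redirect(target: str, site_host: str) -> bool:
    """Server-side check: accept only targets that stay on site_host.
    Rejects absolute URLs to other hosts, protocol-relative //host targets,
    backslash variants some browsers normalise to //, and non-http schemes."""
    if not target or target.startswith(("//", "/\\", "\\")):
        return False
    resolved = urlsplit(urljoin(f"https://{site_host}/", target))
    # .hostname drops userinfo and port, so https://site@evil/ resolves to "evil".
    return resolved.scheme in ("http", "https") and resolved.hostname == site_host.lower()


def external_redirect_target(link: str):
    """Mail-filter check: return the off-site host a redirect-style link sends the
    visitor to, or None when it has no redirect parameter or stays on its own host."""
    outer = urlsplit(_absolute(link))
    if not outer.hostname:
        return None
    for name in REDIRECT_PARAMS:
        for value in parse_qs(outer.query).get(name, []):
            if not is_safe_redirect(value, outer.hostname):
                inner = urlsplit(urljoin(f"https://{outer.hostname}/", value))
                return inner.hostname or value
    return None


# Constructed sample links as they might appear in a suspicious message.
SAMPLE_LINKS = [
    "//www.google.com/url?q=//www.example.com",       # the page's own example
    "https://www.google.com/url?q=/search",           # stays on-site
    "https://mail.example.net/inbox",                 # no redirect parameter
]


def flag_open_redirects(links):
    """Map each link that bounces a visitor off-site to the destination host."""
    return {link: host for link in links if (host := external_redirect_target(link))}
```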

Read more »

The advanced persistent threat (APT) group tracked by Microsoft as Platinum is using a new stealthy Trojan-backdoor malware dubbed Titanium to infiltrate and take control of their targets’ systems.

What makes Titanium stand out is its use of various methods of hiding in plain sight by camouflaging as security solutions, sound drivers, or software commonly used to create DVDs.

Platinum (also tracked as TwoForOne by Kaspersky) has been active since at least 2009 in the APAC region, targeting “governmental organizations, defense institutes, intelligence agencies, diplomatic institutions, and telecommunication providers in South and Southeast Asia,” as per Microsoft.

Microsoft also discovered in 2017 that Platinum had started using the Intel Active Management Technology (AMT) Serial-over-LAN (SOL) channel for communication, thus evading conventional traffic monitoring and filtering solutions running on compromised devices.

As part of the Titanium campaign, Platinum used a multi-step infection sequence that employs several downloading, dropping, and installing stages to infect victims in South and Southeast Asia with the final backdoor payload, as researchers at Kaspersky found during recent analysis.

Read more »

Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.

QNAP advises users to install the latest version of the Malware Remover app for the QTS operating system running on the company’s NAS devices as soon as possible.

Malware Remover versions 3.5.4.0 and 4.5.4.0 are now capable of removing QSnatch after the company added new rules in an update on November 1.

“Users are urged to install the latest version of the Malware Remover app from QTS App Center or by manual downloading from the QNAP website,” says QNAP.

“Users are advised to take actions listed in the security advisory or, alternatively, contact QNAP for technical assistance. Instructions for creating a support request can be found here.”

Read more »