Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuratio...

Black Hat USA 2024: Chip Flaw ‘GhostWrite’ Steals Data from CPU Memory

Black Hat USA 2024: Critical RISC-V CPU vulnerability discovered. Dubbed GhostWrite; attackers can exploit this flaw to steal…...

Apple Chip Flaw Leaks Secret Encryption Keys

Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack spree...

MediaTek 芯片 安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. The MediaTek chips have a security vulnerability that stems from a lack of privilege checking, with a possible way to write a record of an application's privilege usage. This could lead to local privilege...

An Alleged Russian Spy Was Busted Trying to Intern at The Hague

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news...

A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step...

Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings

Speculative execution attacks still haunt Intel, long after researchers told the company what to fix...

hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)

Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off address generation...

A week in security (August 13 – August 19)

Last week on Malwarebytes Labs, we talked about how Process Doppelgänging meets Process Hollowing in the Osiris dropper, provided hints, tips, and links for a safer school year, gave a recap of Black Hat USA 2018, offered some tips for a secure content management system, highlighted a silly...