Release of Technical Report into the AMD Security Processor

Posted by James Forshaw, Google Project Zero Today, members of Project Zero and the Google Cloud security team are releasing a technical report on a security review of AMD Secure Processor ASP. The ASP is an isolated ARM processor in AMD EPYC CPUs that adds a root of trust and controls secure...

Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work

As the world has changed over the past 18-months, companies have been wrestling with ways to keep employees and data protected as they support new ways of hybrid working. We built Windows 11 to be the most secure Windows yet with built-in chip to cloud protection that ensures company assets stay...

Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work

As the world has changed over the past 18-months, companies have been wrestling with ways to keep employees and data protected as they support new ways of hybrid working. We built Windows 11 to be the most secure Windows yet with built-in chip to cloud protection that ensures company assets stay...

Design/Logic Flaw

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...

Amazon Echo Dot 安全漏洞

The Amazon Echo Dot is a voice-activated speaker from Amazon.com. It can be used to play music, control smart home devices, make phone calls, answer questions, set timers and alarms, and more using Alexa. The Amazon Echo Dot suffers from a security vulnerability that allows attackers to gain acce...

Protecting LoRaWAN Hardware from Attacks in the Wild

In the last article of our LoRaWAN series, we present dangerous hardware attacks that could affect organizations using this technology. These attacks are particularly worrying because many LoRaWAN devices are deployed in unsecured locations...

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Intel’s third-generation Xeon Scalable server processors, code-named Ice Lake, will be rolled out with new security upgrades that the chip giant claims will better protect devices from firmware attacks. The upcoming chips are based on Ice Lake, Intel’s 10nm CPU microarchitecture, which was first...

UEFI scanner brings Microsoft Defender ATP protection to a new level

Microsoft Defender Advanced Threat Protection Microsoft Defender ATP is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface UEFI scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...

Security for Connected Devices

With this post, I want to continue from earlier discussions on security posted here and here and focus on Connected Devices or the Internet of Things IoT. IoT typically represents a network of physical objects or “things” embedded with electronics, software, sensors, and connectivity to enable...

The Effects of the Spectre and Meltdown Vulnerabilities

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to...

The ASLR protection mechanism is a breakthrough attack technical analysis-vulnerability warning-the black bar safety net

Recently, hardware-based attacks have been started by Rowhammer memory leaks or bypass the address space layout randomization protection mechanisms to attack the system, these attacks are based on the processor's memory management unit MMU with a page table interactive interactive manner. These...

Gap Widens Between Attackers, BIOS Forensics, Research

Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look...

Inside the PlayStation 3 Exploit

The recent attack on the PlayStation 3 hypervisor has gotten a tremendous amount of attention, but there has not been much in the way of detailed analysis of the actual exploit itself. However, a prominent cryptographer and security researcher has looked at the exploit and found that it is a...