Monday, 24 September, 2018

AMD 'investigating' critical vulnerabilities in its latest Ryzen and EPYC CPUs

Emmett Howard | 14 March, 2018, 22:40


There are 4 vulnerabilities that affect the aforementioned AMD processors, namely Ryzenfall, Masterkey, Fallout, and Chimera. Masterkey, on the other hand, requires that "an attacker be able to re-flash the BIOS with a specially crafted BIOS update".

"Given the recent history with Intel and the Meltdown security vulnerability, and the responsible way in which it was released and handled by security professionals and the afflicted companies, this new release, combined with a history of questionable financial dealings, the AMD-specific flaws here seem off base".

But security researchers have hit out at the white paper published by CTS-Labs for lacking any technical details describing the vulnerabilities. With this vulnerability, researchers said, attackers could cause physical damage to hardware or "brick" devices, or make them inoperable.

This model has a huge problem: how can you convince the public you are telling the truth without the technical details? "The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system, while remaining virtually undetectable by most endpoint security solutions", the advisory said. A sentence towards the end of the paper reads: "In our opinion, the basic nature of some of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD".

Under the Ryzenfall category, CTS Labs claimed that malicious code could be used to take over the AMD Secure Processor; privileges of this processor could be used to write into protected memory areas; Windows Credential Guard could be bypassed and network credentials stolen; and Ryzenfall could be used along with Masterkey to install persistent malware on the Secure Processor. It is important to note that this was only done after first sending an outline of the vulnerabilities out to press outlets.

TechPowerUp reportedly contacted CTS Labs directly.

Do keep in mind that CTS Labs' findings could well be accurate and real.

It continues: "The Fallout vulnerabilities allows access to protected memory regions that are otherwise sealed off by hardware".

CTS Labs' legal disclaimer also states that it may have a financial interest in stock movements of companies that it provides security reports on. AMD's own statement acknowledging the matter shows unfamiliarity with the company.

CTS Labs didn't respond to questions from CSO Australia by the time of publishing. From archived information, it appears that the CTS Labs domain was registered in June last year. Though we were told AMD, Trail of Bits, and others were given proofs of concept and instructions for how to exploit the vulnerabilities, that information was not released to the general public.

Viceroy Research's PDF is filled with outlandish claims like the one above, and primarily uses scare tactics, seemingly in an effort to spook investors. Accessing the Secure Processor is done through a vendor-supplied driver that is digitally signed, the research group adds. However, it is worth noting that CTS Labs' CFO is also the founder and Managing Director of NineWells Capital, a hedge fund that invests in public equities.

Investment firm Viceroy Research published a 25-page report on the issues after the company said it was anonymously emailed a copy of CTS' findings on Monday afternoon.

AMD's stock has dropped somewhat in light of the claims, although that downward slide has eased and was on the way back up at the time of writing.

Unlike the Spectre and Meltdown vulnerabilities, which were disclosed to the impacted companies in advance of the information's public release, these new flaws were not made available to AMD prior to the report's publication. The last set of flaws, named Chimera, includes what CTS Labs claims to be backdoors that could enable malicious code injection into the AMD Ryzen chipset.
