Positive Technologies specialists discovered a new vulnerability in Intel Pentium, Celeron and Atom processors built on the Apollo Lake (2016), Gemini Lake (2017) and Gemini Lake Refresh (2019) platforms; it was designated CVE-2021-0146. It can be used to access encrypted files, to conduct espionage and to circumvent copyright protection.
According to experts, "the CVE-2021-0146 vulnerability allows activating testing or debugging modes in several lines of Intel processors. This may allow an unauthenticated user with physical access to gain elevated privileges in the system."
The vulnerable processors are used in many netbooks and in Internet of Things (IoT) devices built on Intel chips, from household appliances and smart home systems to cars and medical equipment.
“One example of a real threat is lost or stolen laptops containing confidential information in encrypted form. Using this vulnerability, an attacker can extract the encryption key and gain access to information inside the laptop,” said the company's specialist Mark Ermolov.
According to the expert, the vulnerability is caused by over-privileged debugging functionality that is not properly protected. To avoid such problems and rule out bypassing the built-in protection, manufacturers should take a more careful approach to securing debugging mechanisms.
In addition, the availability of information about end users, for example about critical information infrastructure (CII) subjects of the Russian Federation, can be very dangerous.
According to Pavel Korostelev, head of the product promotion department at Security Code, the discovered problem is potentially dangerous in Russia only for highly important systems that are of interest to Western intelligence services. Ordinary users, in his view, should not worry.
Positive Technologies also notes that to eliminate the detected vulnerability, it is necessary to install the UEFI BIOS updates published by the manufacturers of the affected laptops or other devices.
According to Rostelecom-Solar research, every tenth critical information infrastructure (CII) facility in the Russian Federation is compromised by malware. Even hackers with low qualifications are able to attack most of these IT networks: a significant part of the detected vulnerabilities have existed for more than 10 years, but organizations have not remediated them.
Vladimir Drukov, director of the Cyber Attack Monitoring and Response Center at Rostelecom-Solar, associates the presence of vulnerabilities in CII with the fact that the process of regular software updates has not yet been established in more than 90% of companies.
Kaspersky Lab experts agreed with the findings of the study. According to Anton Shipulin, Lead Business Development Manager at Kaspersky Industrial CyberSecurity, cybersecurity is still at a low level in most CII facilities.
"In terms of data protection, a large number of CII objects are currently in a 'depressing situation', and there are no serious hacker attacks on them 'by happy accident', but it is only a matter of time," added Fedor Dbar, Commercial Director of Security Code.
In addition, the number of hosts exposing a vulnerable SMB service has almost doubled. SMB is a network protocol for sharing files, printers and other network resources that is used in almost every organization. Such vulnerabilities are particularly dangerous because they allow hackers to remotely run arbitrary code without authentication and infect every computer connected to the local network with malware.
The main problem in internal networks is poor password management. Weak and dictionary passwords that let an attacker break into an organization's internal network are extremely common. Password guessing is used by both amateur hackers and professional attackers.
Moreover, the pandemic has significantly weakened IT perimeters. Over the past year, the number of automated process control systems (APCS) reachable from the Internet has grown by more than 60%. This increases the risks of industrial espionage and cyber-terrorism.
A research team at Northeastern University finds vulnerabilities and code defects by detecting when a programmer uses different code snippets to carry out the same task. Consistent and repeatable coding is considered one of the best practices in software development, and it has become more crucial as development teams grow. The Northeastern University team now reports that finding irregular code, snippets that carry out the same task but in different ways, can also help locate bugs and potential vulnerabilities.
A fleeceware application is not conventional Android malware, as it contains no malicious code. Instead, the danger comes from excessive subscription charges that it may not clearly disclose to mobile users. Fleeceware tricks a victim into downloading an application that interests them. The developer then relies on the user forgetting about the program and failing to notice the actual subscription charge. These developers target younger users who are less likely to pay attention to subscription details. The developer fleeces the victim by fooling them into paying money for something they probably do not need. Chances are, the victim will not realize they have paid, or that the same functionality could have been obtained elsewhere for free.