January Threat Report - Security Boulevard

January Threat Report

Yesterday Eclypsium published new research exposing vulnerabilities to Direct Memory Access (DMA) attacks in laptops from HP and Dell. Eclypsium researchers, Mickey Shkatov and Jesse Michael demonstrated that high speed DMA attacks can bypass hardware protections on enterprise devices. This powerful class of attacks is an industry-wide issue that threatens servers as well as laptops.

READ THE REPORT >

Join us for a live webinar on February 5th. REGISTER NOW >

What is your line of sight to potential firmware vulnerabilities? Did you know that 2019 had the most firmware vulnerabilities ever discovered? There was a 43% rise over the previous record in 2018. This whitepaper outlines 5 questions to evaluate and improve your firmware security posture.

LEARN HOW >

INDUSTRY NEWS

  • Netgear Signed TLS Cert Private Key Disclosure There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware. The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear’s support website, without authentication; thus anyone in the world could have retrieved these keys.
  • 5 Key Security Lessons From The Cloud Hopper Mega Hack The Chinese hacking group known as APT10 is suspected of being behind the “Cloud Hopper” attack. If the hackers found weaknesses in cloud companies’ defenses, they exploited them to hop across different customers’ networks, stealing intellectual property, security clearances and other data as they went.

INDUSTRY PERSPECTIVE

SECURITY RESEARCH

  • CacheOut – Leaking Data on Intel CPUs via Cache Evictions. Recent speculative execution attacks demonstrate how attackers can leak information while it moves through microarchitectural buffers. In this work, several researchers review CacheOut, a new microarchitectural attack capable of bypassing Intel’s buffer overwrite countermeasures implemented to prevent previous Spectre type of attack.
  • A three part series on reverse engineering a Philips TriMedia based IP camera.The first part of the series introduces a research project, showing the different steps taken to analyze the firmware and the hardware of the camera. In the second part, the researcher presents the Philips TriMedia architecture, its instruction set, and assembly. The third part of the series focuses on an example of how a Philips TriMedia instruction can be disassembled.
  • Gentech research announced the results of its new study – almost 4 in 10 security cameras can be at risk of cyber-attack due to outdated firmware. This highlights the breadth of firmware vulnerabilities.
  • Exploiting Wi-Fi Stack on Tesla Model S. Keen Security Lab used two vulnerabilities they found in the Parrot Linux system to compromise it by sending malicious packets from a normal Wi_Fi dongle.

SECURITY ADVISORIES

Critical

  • Cable Haunt is a critical vulnerability found in cable modems across the globe from different manufacturers. The vulnerability allows for remote arbitrary code execution. The vulnerability originated in reference software, which is copied by different cable modem manufacturers when creating their cable modem firmware.
  • Citrix rolled out patches for a critical vulnerability (CVE-2019-19781) in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products sooner than expected. CISA strongly recommends users and administrators update Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP once the appropriate firmware updates become available.

Moderate

ADDITIONAL READING & LISTENING

  • View Uncover, Understand, Own – Regaining Control Over Your AMD CPU. Listen to how researchers reverse engineered an unknown subsystem.They looked at what the AMD Secure Processor actually is – a dedicated security subsystem that runs code you don’t know and don’t control.
  • Listen to the On the Metal podcast starring Eclypsium’s Rick Altherr. Rick discusses firmware as the latest attack vector, impossible bugs and the impact these attacks have on organizations.

TOOLS

GitHub: Validation environment  for hardware security requirements. This repository contains tools and documentation for validating hardware configuration of an x86 platform, and its security. The tools called out are CHIPSEC and key.efi binary. These tools can be used to build two bootable USB keys.

WEBINARS

  • Answering your questions—join Eclypsium’s principal researchers, Mickey Shkatov and Jesse Michael for a Q&A about Direct Memory Access (DMA) Attacks
    • When: Wednesday, February 5, 2020 at 10  a.m. PDT.
    • What: Direct Memory Access (DMA) attacks are an industry-wide issue allowing direct access to information and kernel privileges, which can be devastating. Our research shows that enterprise-class laptops, servers, and cloud environments continue to be vulnerable to DMA attacks, even in the presence of protections.
    • REGISTER NOW >
  • Join Eclypsium for the Anatomy of a Firmware Attack webinar
    • When: Tuesday, March 3, 2020 at 11 a.m. PDT.
    • What: By attending this webinar you will walk away with a better understanding of the rise of firmware and hardware attacks, attacker motivations, key firmware components, and their role in an attack, attack vectors and malicious techniques. We will conclude with a case study of an in-the-wild attack.
    • REGISTER NOW >

UPCOMING ECLYPSIUM TRAINING

Eclypsium is known for its excellent training in firmware security and threat prevention. These two-day sessions teach security at the hardware and firmware levels, understanding attacks against system firmware, how to mitigate them, how to identify vulnerabilities and how to perform basic forensics on different firmware components.

Sign up for our upcoming training at CanSecWest 2020:


*** This is a Security Bloggers Network syndicated blog from Eclypsium authored by Eclypsium. Read the original post at: https://eclypsium.com/2020/01/30/january-threat-report/