
AMD Processors Vulnerable to Malicious Microcode
Google researchers recently published proof-of-concept code demonstrating the ability to create malicious microcode patches on AMD processors from Zen 1 through Zen 4. This vulnerability would allow an attacker to arbitrarily alter the execution of virtually any instruction on a vulnerable processor. The vulnerability, CVE-2024-56161, affects the most fundamental operation ... Read More

Don’t Freak Out. Scary Firmware Bugs Are Not Invincible.
This October, the kids might show up looking like an unpatchable firmware bug in critical systems. It’s a good choice because that costume can look like anything. In this post, we will walk through a couple of examples of scary bugs and discuss each weakness. We can start by walking ... Read More
From 33% to 69% …. Does it Matter?
In July, a joint advisory on routinely exploited vulnerabilities was issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory lists the top CVEs exploited in ... Read More

Don’t Let the Fox Watch the Henhouse: Securing Firmware
Recent attacks have caused the security industry to direct significant attention to supply chain security. As organizations look to address those challenges, it’s critical to start with what is arguably the most integral piece of the supply chain: the firmware layer. Firmware is, essentially, the foundational code within a device ... Read More