Cybersecurity

Intel Chips In Your PC A Privacy Concern?

How the Intel chips in modern PCs pose a threat to your private information

Security researchers have discovered that PCs with Intel chips dating back to 2011 are at serious risk of information theft, including your passwords, secret keys, account tokens, and private messages. If all hell breaks loose, that information could potentially threaten society as a whole, since the flaw involves manufacturers like Apple, Amazon, Google, Microsoft, and Mozilla. Basically, all popular PC models.

The flaw was discovered by researchers from the Graz University of Technology, who disclosed it to Intel, the company that produces the processor chips that are making your PC vulnerable to hacking attacks. In response, Intel has issued code to patch the flaw, but individual manufacturers still need to release the patches for users to install.

The vulnerability is called ZombieLoad, and it is very similar to the infamous Meltdown and Spectre. All three are related: the processor leaks sensitive information when a security hole in its speculative execution function is exploited.

Speculative execution is an integral function in modern processors because it keeps performance up to par and your PC running smoothly and efficiently. Basically, speculative execution makes preemptive decisions about what an application or the operating system will need in future situations. The processor then uses those predictions once the situation arises, or discards them if it does not.

Moreover, during speculative execution the processor takes in data that the researchers call a ‘zombie load.’ This is information that it usually cannot understand or properly process, which it redirects to the processor’s microcode in order to avoid a crash. But a bug in this mechanism lets people access the information currently loaded into the processor’s core.

Usually, apps can only see their own data, but by loading them together in the microcode they’re conveniently placed in one box, which hackers can exploit through the bug that bleeds information across app boundaries. In simple terms, it gives hackers a live stream of your actions within your own PC, which they can also use to get to your passwords and private messages, to name a few.

Practically, it’s a side-channel attack in which hackers don’t need to inject malware into your PC to gain access to your personal information. They only need to exploit the security flaw currently present in the chip, which makes the threat a very serious issue.

Fortunately, researchers say the threat is in its infancy. They were able to catch the bug before hackers could cause major damage. In addition, as with Meltdown and Spectre, hackers would need a specific set of skills in order to successfully access your information through the bug in Intel’s speculative execution function.

To date, there hasn’t been a major or widespread report of the vulnerability being exploited, mainly because hackers would need to run it on a machine. But as Daniel Gruss, one of the researchers, said, an attack is still possible if exploit code is sent to a device via an app download.

There’s no reason to panic, but the threat is still serious in every sense. It is hard to accomplish but still very possible, so we recommend downloading the latest updates with the patches to protect you and your PC from possible threats.

Also, security research on the speculative execution function in processors is in its early stages, but it continues to show that processors are prone to hacker threats. We can only learn more as the research continues.

Meanwhile, Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake chips are also affected, as well as all Atom and Knights processors.

Big tech companies are also starting to roll out their own set of security patches today as their own line of defense against the threat.

You may also expect a slight decrease in performance with the incoming patches, but it shouldn’t be much of a bother. As TechCrunch reports, the Intel microcode update would impact processor performance in a way similar to previous patches. Expect a performance hit of 3% at worst, and up to 9% in the data center environment.
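
A check a reader on Linux can run after installing the updates, as an added example that is not part of the original article: the kernel reports the status of MDS, the vulnerability class that includes ZombieLoad, in the sysfs file used below. The category names the function returns and the advice strings are this example's own, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Interprets the Linux kernel's status
# line for MDS (the vulnerability class that includes ZombieLoad).
# Assumption: a Linux host. The category names are this example's own labels.

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS
# Prints one of: not_affected | patched | patched_smt_exposed |
#                needs_microcode | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            # OS patch and microcode are both active. With SMT
            # (Hyper-Threading) on, the sibling thread can still be exposed.
            case "$1" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo patched_smt_exposed ;;
                *)
                    echo patched ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # The OS is patched, but the Intel microcode update is missing.
            echo needs_microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# next_step CATEGORY: one line of advice per category.
next_step() {
    case "$1" in
        not_affected)        echo "CPU is not affected; nothing to do" ;;
        patched)             echo "mitigation active" ;;
        patched_smt_exposed) echo "mitigation active; decide whether to disable SMT" ;;
        needs_microcode)     echo "install the vendor firmware or microcode package" ;;
        vulnerable)          echo "update the kernel and microcode, or check boot options" ;;
        *)                   echo "unrecognised status; read the kernel documentation" ;;
    esac
}

# report STATUS: category and advice on one line.
report() {
    category=$(classify_mds "$1")
    printf '%-20s %s\n' "$category" "$(next_step "$category")"
}

# Constructed sample status lines, in the format the kernel uses.
report "Mitigation: Clear CPU buffers; SMT vulnerable"
report "Mitigation: Clear CPU buffers; SMT disabled"
report "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
report "Vulnerable; SMT vulnerable"
report "Not affected"

# On a real Linux host, also report the live value.
if [ -r "$MDS_FILE" ]; then
    printf 'this host: '
    report "$(cat "$MDS_FILE")"
fi
```

The `needs_microcode` case is the one the article describes: the operating system patch is installed, but the manufacturer has not yet delivered Intel's microcode.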

Cryptocurrency

Are Hackers Friends Of Crypto Industry Or Are They Enemies?

Hackers have been paid more than $30,000 for exposing and fixing security issues in crypto companies but at the same time, hackers are also the reason why some of them lose money.
Hackers have been paid by crypto companies to fix bugs. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

The unregulated universe of cryptocurrencies has found unlikely allies among hackers in solving systemic problems and fixing bugs, a report reveals.

Crypto companies, including crypto exchanges, have paid a total of at least $32,150 to different white-hat hackers for fixing security flaws in popular crypto and blockchain platforms such as TRON, Brave, EOS, and Coinbase.

The data revealed that 15 blockchain and crypto-related firms made hefty payments as rewards to security researchers between March 28 and May 16. The rewards concerned 30 publicly released bug reports during that period.

Among all the companies that had security threats, Omise, the software firm behind cryptocurrency OmiseGo, needed the most fixes, with six disclosed bugs and security issues. Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.

Crypto and blockchain technology has long been criticized by different financial institutions for being volatile and vulnerable to technology and cyber crimes, making it unfit to become a working technology. It only makes sense that at the time when they need help the most, white-hat hackers and security researchers are there to help them – for a price.

According to the study, the payment varies depending on the severity of the bug. They adjust their HackerOne rewards depending on how easy or difficult it is for the white-hat hacker to resolve a security issue. For instance, while the majority of Omise’s disclosed security flaws were only worth around $100 each, other payments amounted to a lot more, the study suggests.

Both Block.one, the company that owns the EOS “blockchain,” and budding network Aeternity paid one hacker more than $10,000 for a single issue. TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, something that could jeopardize the future of the company.

Most cryptocurrency companies and blockchain firms, just like other tech-based companies, have set up a reward or bounty system that pays anyone who can point out any form of security issue in their systems; a bigger reward is also provided to those who can fix them.

While hackers who decide to use their skills to improve the technology stratosphere are steadily increasing in number, they could at any time decide to use their skills to exploit the vulnerabilities they have discovered for bigger take-home money.

Just last week, for example, cryptocurrency exchange Binance announced that hackers had successfully stolen 7,000 BTC (then $40 million, now $55 million) from its own wallets.

Similarly, crypto exchange company Cryptopia announced last week that the company is going into liquidation following the attack in January that lost the company millions of dollars’ worth of crypto money.

According to a blockchain data analytics firm, their investigation allowed them to estimate the loss caused by the cyber attack to be as much as $16 million in ether and ERC-20 tokens. While the company restarted its trading services in March, no one is yet certain of the actual damage that the cyber attack caused the company. The company is still recovering from the aftermath of the breach and still having banking issues.

According to the liquidation firm, Grant Thornton, the damage caused by the hacking was too “severe” and has impacted the company massively in terms of trade. Despite management’s efforts to regain composure by reducing costs and returning the business to profitability, they have decided that liquidation is the best option for the company and all stakeholders moving forward.

It is still unclear whether or not Cryptopia is running its own bounty program, but coincidentally, Binance has a bounty reward of $100,000 for anyone who can solve the mystery of its stolen crypto money. So far, the perpetrator is still at large and unidentified.

“At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.”

In the end, the question still remains: Are hackers friends of the crypto industry or are they the enemy?

Cybersecurity

Cloud Computing Drives Taiwan & HK Organizations To Encrypt Data As “Employee Mistakes” Are The #1 Data Security Threat

Rising trend in cloud computing seen as the key driver of organizations setting up encryption strategies in Hong Kong and Taiwan.
Cloud Computing. Photo: Jane Boyko | Flickr | CC BY 2.0

Erring employees, not cyber attacks by hackers, are the most prolific cause of data breaches in Hong Kong and Taiwan, according to businesses, an independent cybersecurity study reveals.

According to a study conducted by nCipher Security, a B2B applications provider, nearly half of the organizations in Hong Kong and Taiwan cite “employee mistakes” as their biggest data security threat. 48% of the organizations in the study said that their employees’ mistakes are the more likely cause when a data breach happens; only 22% cite external hackers and 17% cite malicious hackers.

The data was revealed by the 2019 Hong Kong and Taiwan Encryption Trends study from the Ponemon Institute. The annual review is conducted to capture how organizations, businesses, and institutions around the world are dealing with “compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications.”

With the acknowledgment that human error is most likely to cause a data breach, and with the prevalence of data breaches and data security issues around the world, nCipher says, organizations in both Hong Kong and Taiwan have started to realize the value of protecting themselves from data security breaches through data encryption.

“With corporate data breaches making headlines globally, encryption is vital in protecting data by making it unreadable to anyone other than those holding the corresponding encryption key,” reads a press release by nCipher.

A hopeful future awaits most organizations globally, with 45% of the respondents to the study saying that their organizations have a comprehensive and holistic encryption plan applied throughout their entire business. The trend was also observed to be continuously rising. However, the study notes that only 39% of organizations in both Hong Kong and Taiwan already have an encryption plan in place; this is in direct contrast to Germany, which at 67% has the highest number of organizations with an encryption strategy being implemented.

“Organizations are under relentless pressure to protect their business-critical information and applications, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment,” notes Michael Tai, head of sales, Greater China at nCipher Security.

But it is still not too late for Hong Kong and Taiwan to catch up with implementing encryption policies throughout their industries, as an overwhelming number of organizations have recognized the importance of protecting customer information and their intellectual property. Seventy-four percent of respondents see protecting customer personal information as a priority, the highest among all the regions surveyed and 20% higher than the global average.

The most common type of data encrypted by organizations in Hong Kong and Taiwan is employee or human resources data (63%) and intellectual property (53%). The least common type of data to be encrypted is healthcare information (17%), which is 7% below the global average.

Furthermore, Hong Kong and Thailand lead the world in cloud adoption, with 80% of respondents either currently using cloud computing services or planning to do so within the year. This is another reason, nCipher says, that organizations in both Asian countries are driven to have a robust data security policy and to implement a sound encryption strategy.

“Enterprises are increasingly turning to cloud environments to help them save time and money. While these technologies are digitally transforming businesses, there are potential security risks associated with them,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“Consequently the use of encryption to protect cloud data in Hong Kong and Taiwan is high just as it is elsewhere around the globe. Encryption usage is a clear indicator of a strong security posture. Organizations that deploy encryption are more aware of threats to sensitive and confidential information and making a greater investment in IT security.”

However, amidst the recognition of the need for encryption plans, organizations cite data discovery as the most common factor that stops them from setting up encryption systems. Other factors cited by the respondents include classifying which data to encrypt and the ease of time with deploying encryption technologies.

“nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property,” added Tai, encouraging organizations to treat data security as a priority and set up their data encryption systems.

Cybersecurity

Hackers-For-Hire Are Ineffective And Expensive, Google Study Says

Researchers from Google and University of California said that hackers-for-hire services are frauds and expensive. They also said that they are not threats to individual accounts.
Researchers say they are not threats to individual Google accounts. Photo: Richard Patterson | Flickr | CC BY 2.0

Researchers from Google have yet again found a new and compelling reason why people should not hire hackers online, even if their offers are enticing enough for some people to fall for. New research published last week by Google and researchers from the University of California, San Diego reveals that hackers-for-hire services available online are scams and ineffective.

The research methodology includes contracting 27 hacking services, and as expected, a considerable chunk of them did not respond to the inquiries made by the researchers, while 12 of them responded but never actually attempted to launch an attack. The researchers noted that only five service providers ended up launching assaults against the test Gmail accounts.

“Using unique online buyer personas, we engaged directly with 27 such account hacking service providers and asked them with compromising victim accounts of our choosing,” researchers said.

“These victims, in turn, were ‘honey pot’ Gmail accounts, operated in coordination with Google, and allowed us to record key interactions with the victim as well as with other fabricated aspects of their online persona that we created (e.g., business web servers, email addresses of friends or partner).”

Additionally, out of the 12 who responded to the inquiries of the researchers, nine said that they are no longer working in the hacking business, and it turned out that the rest are straight-up scams.

The services offered online were said to cost between $100 and $500 and, interestingly, none of the service providers used automated tools for the attacks that they promise their clients.

The attacks instead involve social engineering, with the hackers using spear-phishing techniques to target attacks at each intended victim. Researchers highlighted that while some of the hackers asked them for information about the intended victims of the supposed attacks, others didn’t even bother and chose to employ “re-usable email phishing templates.”

Interestingly, one of the five hackers who ended up launching an attack on the test Gmail account tried to infect the victim with malware rather than straightforwardly phish for account credentials. Once the malware-infected email was opened and the malware installed on the victim’s system, the hacker would have had virtual remote control of the entire system and would have been able to recover passwords and authentication cookies from local browsers.

Another hacker was able to bypass two-factor authentication (2FA), the safety mechanism that requires the account holder to pass another verification process independent of password authentication, such as a code sent by SMS to the phone number connected to the account. Researchers reveal that the hacker was able to direct the decoy victim to a spoofed Google login page and successfully scraped both the password and the SMS code while checking the validity of both in real time.

Hackers who know they need to bypass 2FA, the researchers say, usually double their prices, citing the complexity of the task. Prices for hacking Gmail accounts have been observed to grow over the years, from $125 per account in 2017 to $400 today. Researchers posit that Google’s improved security protocols caused the price hike.

“As a whole, however, we find that the commercialized account hijacking ecosystem is far from mature,” the research team said. “We frequently encountered poor customer service, slow responses, and inaccurate advertisements for pricing.

“Further, the current techniques for bypassing 2FA can be mitigated with the adoption of U2F security keys,” they added.

In the end, the researchers concluded that while there are capable hackers, most of those who offer hacking services are either ineffective or just plain frauds. As a consequence, they said that, scam sites aside, they didn’t view hacker-for-hire services as an actual danger to user accounts. The researchers cited the high price for hacking each account and the low quality of the services provided as reasons.

“However, despite the ability to successfully deliver account access, the market exhibited low volume, poor customer service, and had multiple scammers. As such, we surmise that retail email hijacking has yet to mature to the level of other criminal market segment,” the researchers wrote in their study’s abstract.
