AMD Chip flaws confirmed

-
CTS a cybersecurity firm discovered 133 critical vulnerabilites and back doors in EPYC and ryzen cpu chips from amd. The company says anyone that can exploit using code to bypass any security features like secure boot and windows defender. they were nicknamed , MASTERKEY , RYZENFALL, FALLOUT CHIMERA. you not need physical access to the machine just admin privileges. Check point another cybersecurity firm also confirmed the vulnerabilities but it doesn't agree on how CTS disclosed the findings only giving AMD 24 hours before going public.


https://www.securityweek.com/amd-chip-flaws-confirmed-more-researchers

Comments

Post a Comment

Popular posts from this blog

hackers awarded $267k at pwn2own 2k18

-
white hat hackers earn money from big companies that sponsor attacks to find exploits in edge , apple safari , virtual box and firefox. first day a hacker called rich zhu earned 70k from an attack on edge , another hacker received $65k for hacking safari. the second day of these events Zhu hacked firefox and earned 120k for his efforts. that right thier was some easy money. if you asked me. MWR also earned 55k for a safari sandbox escape exploit. the highest prizes at this event was from microsoft which offered  $150k for hyper v exploits, 100k for outlook exploits and windows smd 100k. you can read more on this link below. thanks https://www.securityweek.com/hackers-awarded-267000-pwn2own-2018
Read more

hackers abusing text editors for privilege escalation

-
some text editors allow 3rd party code to run as a extensions to the application, this provides some benefits but also can be a security risk. a researcher named dor azouri looked at some programs called sublime , vim , emacs , gedit and pico and found that half allow this privilege escalation. for example if i am an system admin and i restrict privileges to certain applications or permissions. these editors allow me to bypass by adding a few lines of code which starts the programs. you can read more on this article. https://www.securityweek.com/hackers-can-abuse-text-editors-privilege-escalation
Read more