Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 2 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Microsoft and Google Reveal New Spectre Attack
#1
Recently discovered by researchers at Microsoft and Google, two new versions of Spectre attack that affects the processors by AMD, ARM, IBM, and Intel. This new flaw, being named SpectreNG is related to Meltdown and Spectre which were discovered early last year. These flaws were discovered by Google and Microsoft researchers independently and were named Variant 3a and 4.
  • Variant 1: bounds check bypass (CVE-2017-5753) aka Spectre v1

  • Variant 2: branch target injection (CVE-2017-5715) aka Spectre v2

  • Variant 3: rogue data cache load (CVE-2017-5754) aka Meltdown

  • [b]Variant 3a: rogue system register read (CVE-2018-3640)[/b]

  • [b]Variant 4: speculative store bypass (CVE-2018-3639) aka SpectreNG[/b]
RedHat had this to say about SpectreNG:

“…relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.”

“An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries,”


There is also this video, to explain further:

https://youtu.be/Uv6lDgcUAC0


---Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution - CXSecu News 0 59 09-18-2020, 08:12 AM
Last Post: News
Star News Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform News 0 133 08-26-2020, 03:41 AM
Last Post: News
Star News Google Adsense stopped working!!! Mr.Kurd 0 181 08-11-2020, 10:56 PM
Last Post: Mr.Kurd
Star News Google: Eleven zero-days detected in the wild in the first half of 2020 Mr.Kurd 0 328 08-02-2020, 10:49 PM
Last Post: Mr.Kurd
Big Grin News Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites Mr.Kurd 0 198 07-08-2020, 10:13 AM
Last Post: Mr.Kurd
Shocked News Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends Mr.Kurd 0 432 04-09-2020, 08:55 AM
Last Post: Mr.Kurd
Star News Microsoft Edge Now Alerts Users Of Breached Passwords Mr.Kurd 0 388 04-03-2020, 08:09 AM
Last Post: Mr.Kurd
Question News Windows Running MS-SQL Servers Under Attack!! Hackers Installing 10 Secret Backdoors Mr.Kurd 0 327 04-02-2020, 08:38 AM
Last Post: Mr.Kurd
Rainbow News Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi Mr.Kurd 0 395 03-26-2020, 09:03 AM
Last Post: Mr.Kurd
Exclamation News Hackers Exploiting 2 Unpatched Windows 0-Day Vulnerabilities in Wide – Microsoft Warn Mr.Kurd 0 653 03-24-2020, 07:56 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)