News Posts matching #vulnerability


ASUS Becomes Member of "FIRST" Cybersecurity Organization

In a world where most of us work, communicate, play, explore, and make purchases online nearly every day, cybersecurity is more important than ever. Yet it's also a world where it's increasingly hard to know who to trust. Perhaps you've seen recent news reports that call into question the security practices of companies that you might rely on for the network for your home or small business. At ASUS, we're working to show you that not every networking company has the same level of commitment to cybersecurity. Recently, we joined FIRST, a longstanding and renowned organization that brings together a variety of computer security incident response teams from around the world. Our membership in FIRST enables us to take enterprise-level experience, security protocols, and incident response tactics and integrate them into the consumer market.

35 years of coordinating responses against cyberattacks
When you're the victim of a cyberattack, your priority is to re-secure your own hardware, data, and account access. But the incident response teams dedicated to cybersecurity have to take a larger view. What vulnerability made the cyberattack possible? What other systems could be affected? How quickly can a fix be deployed, and how might this fix affect other vital systems and functions? Answering these questions in today's connected world requires not just on-the-ground incident response teams, but international communication and coordination between these groups. Since 1990, this layer of coordination has been provided by FIRST—the Forum of Incident Response and Security Teams. Consisting of members from government agencies, educational institutions, military divisions, and the private sector, FIRST works to ensure a safe internet for everyone by creating channels for incident response and security teams across the globe to work together.

AMD "Zen 1" to "Zen 4" Processors Affected by Microcode Signature Verification Vulnerability

Google Security Research team has just published its latest research on a fundamental flaw in the microcode patch verification system that affects AMD processors from "Zen 1" through "Zen 4" generations. The vulnerability stems from an inadequate hash function implementation in the CPU's signature validation process for microcode updates, enabling attackers with local administrator privileges (ring 0 from outside a VM) to inject malicious microcode patches, potentially compromising AMD SEV-SNP-protected confidential computing workloads and Dynamic Root of Trust Measurement systems. Google disclosed this high-severity issue to AMD on September 25, 2024, leading to AMD's release of an embargoed fix to customers on December 17, 2024, with public disclosure following on February 3, 2025; however, due to the complexity of supply chain dependencies and remediation requirements, comprehensive technical details are being withheld until March 5, 2025, allowing organizations time to implement necessary security measures and re-establish trust in their confidential compute environments.

AMD has released comprehensive mitigation measures through AGESA firmware updates across its entire EPYC server processor lineup, from the first-generation Naples to the latest Genoa-X and Bergamo architectures. The security patch, designated as CVE-2024-56161 with a high severity rating of 7.2, introduces critical microcode updates: Naples B2 processors require uCode version 0x08001278, Rome B0 systems need 0x0830107D, while Milan and Milan-X variants mandate versions 0x0A0011DB and 0x0A001244 respectively. For the latest Genoa-based systems, including Genoa-X and Bergamo/Siena variants, the required microcode versions are 0x0A101154, 0x0A10124F, and 0x0AA00219. These updates implement robust protections across all SEV security features - including SEV, SEV-ES, and SEV-SNP - while introducing new restrictions on microcode hot-loading capabilities to prevent future exploitation attempts.

Apple Silicon Vulnerabilities Highlighted by FLOP & SLAP Side-channel Attacks

An academic collaboration—between research departments at Georgia Institute of Technology and Ruhr University Bochum—has produced two white paper studies that disclose details regarding the vulnerable nature of certain generations of Apple Silicon. The documents were made available online earlier in the week and are readily accessible through their Predictors.Fail webpage. The "SLAP" attack paper's moniker is derived/abbreviated from its long-form title: "Data Speculation Attacks via Load Address Prediction on Apple Silicon." A similarly uncatchy acronymization has been generated from the second paper's full title: "Breaking the Apple M3 CPU via False Load Output Predictions"—aka the "FLOP" attack. The North American and German security research teams have partnered up in the past—their "iLeakage" speculative execution side-channel attack was documented back in October 2023.

Spectre and Meltdown are the original, and likely most famous/notorious examples of speculative execution CPU vulnerability—owners of particular processor architectures were affected at the start of 2018. The Predictors.Fail bulletin proposes that the latest side-channel attacks affect Apple hardware of 2021 vintage and beyond. The teams introduced SLAP as: "a new speculative execution attack that arises from optimizing data dependencies, as opposed to control flow dependencies." They believe that Apple models: "starting with the M2 and A15 are equipped with a Load Address Predictor (LAP), which improves performance by guessing the next memory address the CPU will retrieve data from based on prior memory access patterns. However, if the LAP guesses wrong, it causes the CPU to perform arbitrary computations on out-of-bounds data, which should never have been accessed to begin with, under speculative execution. Building on this observation, we demonstrate the real-world security risks of the LAP via an end-to-end attack on the Safari web browser, where an unprivileged remote adversary can recover email content and browsing behavior."

NVIDIA AI Helps Fight Against Fraud Across Many Sectors

Companies and organizations are increasingly using AI to protect their customers and thwart the efforts of fraudsters around the world. Voice security company Hiya found that 550 million scam calls were placed per week in 2023, with INTERPOL estimating that scammers stole $1 trillion from victims that same year. In the U.S., one of four noncontact-list calls were flagged as suspected spam, with fraudsters often luring people into Venmo-related or extended warranty scams.

Traditional methods of fraud detection include rules-based systems, statistical modeling and manual reviews. These methods have struggled to scale to the growing volume of fraud in the digital era without sacrificing speed and accuracy. For instance, rules-based systems often have high false-positive rates, statistical modeling can be time-consuming and resource-intensive, and manual reviews can't scale rapidly enough.

NVIDIA Fixes High-Risk GPU Driver Vulnerabilities That Allow Code Execution and Data Theft

NVIDIA has released urgent security patches addressing eight vulnerabilities in its GPU drivers and virtual GPU software that affect both Windows and Linux systems. The January 16 update targets multiple security flaws that could enable attackers with local access to execute malicious code, steal data, or crash affected systems. Two high-severity vulnerabilities stand out among the patches. The first (CVE-2024-0150) involves a buffer overflow in the GPU display driver that could lead to system compromise through data tampering and information disclosure. The second critical issue (CVE-2024-0146) affects the virtual GPU Manager, where a compromised guest system could trigger memory corruption, potentially leading to code execution and system takeover. For Windows systems, users must update to version 553.62 (R550 branch) or 539.19 (R535 branch). Linux users need to install version 550.144.03 or 535.230.02, depending on their driver branch.

The updates cover NVIDIA's RTX, Quadro, NVS, and Tesla product lines. Enterprise environments using NVIDIA's virtualization technology face additional risks. One vulnerability (CVE-2024-53881) allows guest systems to launch interrupt storms against host machines, potentially causing system-wide outages. To patch these security holes, virtual GPU software users must update to version 17.5 (550.144.02) or 16.9 (535.230.02). The vulnerabilities specifically target systems where attackers have local access, which means remote exploitation is unlikely. However, in virtualized environments where multiple users share GPU resources, these flaws pose a significant security risk. System administrators can download the security updates from NVIDIA's Driver Downloads page, while enterprise vGPU customers should obtain patches through the NVIDIA Licensing Portal. NVIDIA recommends immediate installation of these updates across all affected systems.

Path of Exile 2 Security Breach Blindsides Players With Lost Loot As Developer Remains Silent

A new security breach is trying to pump the brakes on Path of Exile 2's overwhelmingly positive late 2024 launch, as a mysterious hack appears to be making the rounds in the new RPG, although the source of the vulnerability is yet to be identified. According to a growing number of posts on the Path of Exile 2 forum, subreddit, and even the game's Steam reviews, players are apparently logging into their PoE 2 accounts only to find that all the loot and gear they've spent dozens or even hundreds of hours grinding for has been removed from their accounts. The most alarming thing is that nobody seems to know how these hacks are happening. Some players say they changed their main email address and Steam login passwords days before they were hacked, and most seem to have had no Steam 2FA requests, suggesting that there is either a security issue with the Path of Exile 2 game servers or some sort of session hijacking happening that is giving bad actors access to player accounts.

Until now, Grinding Gear Games, the developer behind Path of Exile 2, has not openly commented on the hacking incidents, with a single comment from the support team on the forum advising players to email support about it if they encounter such instances. According to the Steam review mentioning an account hacking incident, however, the player managed to track down the hacker on his own, subsequently contacted support and posted about it in the PoE 2 forum, and asked the moderator to assist in preventing the sale of the rest of his goods. This attempt was apparently enough to get the gamer's forum posts removed and put on probation. Meanwhile, the support request was met even more unkindly, with PoE 2 support going so far as to lock him out of his own account. He also isn't alone, with others in the Path of Exile 2 forum reporting that sharing the in-game name of their alleged hacker with support has led to their game account being locked.

New Linux RCE Vulnerability Leaks Ahead of Disclosure - Allows Arbitrary Code Execution via CUPS Print Scheduler

A new vulnerability was recently discovered in a widely used print server that is installed by default on many Linux and Unix-based systems with a graphical user interface. The primary attack vector for the vulnerability is the CUPS (Common Unix Printing System) print scheduler, specifically cups-browsed, and it has the potential to execute code remotely with zero user interaction required.

The vulnerability has reportedly been given a CVSS score of 9.9 by RHEL and Canonical, although this score is hotly debated, with some arguing it should have a lower score, because, although code can be remotely downloaded to the system, it cannot be executed without user intervention. Fortunately, there is no evidence of the vulnerability having been exploited, although the disclosure was leaked online ahead of a planned private reveal in October, prompting the developer that discovered the vulnerability to post the full explanation in a write-up on their blog. This being the case, the vulnerability could very well start being exploited by malicious actors.

"Sinkclose" Vulnerability Affects Every AMD CPU Dating Back to 2006

A critical security flaw known as "Sinkclose" (CVE-2023-31315) has been identified in all AMD processors dating back to 2006, potentially affecting hundreds of millions of devices worldwide. This vulnerability allows malicious actors to exploit the chip architecture, leading to unauthorized access to sensitive data. Researchers Enrique Nissim and Krzysztof Okupski from the security firm IOActive have revealed that the vulnerability can be exploited through various methods, enabling attackers to extract confidential information from affected systems, including passwords and personal data. The issue is especially concerning, given that it is present in all AMD CPUs made in the last 18 years and their widespread use in both consumer and enterprise environments. However, to exploit this vulnerability, an attacker must already possess access to the system's kernel. Downloading malware-infused files can trigger it, so general safety measures are recommended.

The Sinkclose method exploits a little-known capability in AMD processors called TClose. This name is a blend of "TClose" and "Sinkhole," with the latter referring to a previous vulnerability found in Intel's System Management Mode in 2015. AMD chips employ a protective mechanism named TSeg, which blocks operating systems from accessing a specific memory area reserved for System Management Mode (SMM), known as System Management Random Access Memory (SMRAM). However, the TClose feature is designed to maintain backward compatibility with older hardware that might use the same memory addresses as SMRAM. It does this by remapping memory when activated. The security experts discovered that they could manipulate this TClose remapping function using only standard operating system permissions. By doing so, they could deceive the SMM into retrieving altered data, enabling them to redirect the processor and run their own instructions with the high-level privileges of SMM. This technique essentially allows attackers to bypass standard security measures and execute malicious code at one of the most privileged levels of the processor, potentially compromising the entire system.

"Indirector" is Intel's Latest Branch Predictor Vulnerability, But Patch is Already Out

Researchers from the University of California, San Diego, have unveiled a significant security vulnerability affecting Intel Raptor Lake and Alder Lake processors. The newly discovered flaw, dubbed "Indirector," exposes weaknesses in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), potentially allowing attackers to execute precise Branch Target Injection (BTI) attacks. The published study provides a detailed look into the intricate structures of the IBP and BTB within recent Intel processors, showcasing a Spectre-style attack. For the first time, researchers have mapped out the size, structure, and precise functions governing index and tag hashing in these critical components. Particularly concerning is the discovery of previously unknown gaps in Intel's hardware defenses, including IBPB, IBRS, and STIBP. These findings suggest that even the latest security measures may be insufficient to protect against sophisticated attacks.

The research team developed a tool called "iBranch Locator," which can efficiently identify and manipulate specific branches within the IBP. This tool enables highly precise BTI attacks, potentially compromising security across various scenarios, including cross-process and cross-privilege environments. One of the most alarming implications of this vulnerability is its ability to bypass Address Space Layout Randomization (ASLR), a crucial security feature in modern operating systems. By exploiting the IBP and BTB, attackers could potentially break ASLR protections, exposing systems to a wide range of security threats. Experts recommend several mitigation strategies, including more aggressive use of Intel's IBPB (Indirect Branch Prediction Barrier) feature. However, the performance impact of this solution—up to 50% in some cases—makes it impractical for frequent domain transitions, such as those in browsers and sandboxes. In a statement for Tom's Hardware, Intel noted the following: "Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS and BHI are effective against this new research and no new mitigations or guidance is required."

AMD Patches Zenbleed Vulnerability with AGESA 1.2.0.Ca Update

AMD classified the Zenbleed vulnerability, CVE-2023-20593, as a medium-level threat about a year ago. AMD has acknowledged that it could potentially allow an attacker to access sensitive information under certain microarchitectural circumstances. Today, MSI has released new BIOS updates featuring AMD's AM4 AGESA 1.2.0.Ca firmware update. This update addresses the Zenbleed vulnerability affecting AMD's Ryzen 4000 series Zen 2 APUs. MSI is proactively rolling out the new BIOS updates across its range of compatible motherboards. The updates are currently available for almost all X570 motherboards, with support for other chipsets and 400 series motherboards expected to follow soon.

The AGESA 1.2.0.Ca firmware update specifically targets the Zenbleed vulnerability in the Zen 2 microarchitecture. Although the vulnerability primarily affects Ryzen 4000 "Renoir" APUs, it also exists in other Zen 2 processors, including the Ryzen 3000 series and certain EPYC and Threadripper CPUs. AMD has already addressed the Zenbleed vulnerability in previous AGESA microcode updates for Ryzen 3000 processors and other platforms, such as EPYC server CPUs and Ryzen mobile CPUs. However, the Ryzen Embedded V2000 CPUs are still awaiting the EmbeddedPi-FP6 1.0.0.9 AGESA firmware update, which is expected to be released by April. While AMD has not explicitly stated whether the security update will impact performance, previous testing of Zenbleed fixes has shown potential performance drops of up to 15% in certain workloads, although gaming performance remained relatively unaffected. Users with AM4 chips based on architectures other than Zen 2, such as Zen+ or Zen 3, do not need to update their BIOS as they are not affected by this specific vulnerability.

AMD Response to "ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms"

On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in "ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms" from researchers at ETH Zurich. The research demonstrates performing Rowhammer attacks on DDR4 and DDR5 memory using AMD "Zen" platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.

Mitigation
AMD continues to assess the researchers' claim of demonstrating Rowhammer bit flips on a DDR5 device for the first time. AMD will provide an update upon completion of its assessment.

Apple M-Series CPUs Affected by "GoFetch" Unpatchable Cryptographic Vulnerability

A team of academic researchers has uncovered a critical vulnerability in Apple M-series CPUs targeting the data memory-dependent prefetcher (DMP) that could allow attackers to extract secret encryption keys from Macs. The flaw, called GoFetch, is rooted in the microarchitectural design of Apple Silicon, which means that it cannot be directly patched and poses a significant risk to users' data security. The vulnerability affects all Apple devices powered by M-series chips, including the popular M1 and M2 generations. The M3 generation can turn a special bit off to disable the DMP, potentially hindering performance. The DMP, designed to optimize performance by preemptively loading data that appears to be a pointer, violates a fundamental requirement of constant-time programming by mixing data and memory access patterns. This creates an exploitable side channel that attackers can leverage to extract secret keys.

To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.

ASUSTOR Alerts Customers to Severe Vulnerability, Surveillance Center Gets Emergency Update

An emergency update is being pushed for Surveillance Center in response to a severe vulnerability detected in the software that could potentially allow an attacker to gain elevated privileges and execute code on ADM to install malware. This update fixes the underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware in accordance with previously announced protective measures.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:
  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.
  • Turn on and update snapshots if available.
  • Enable the AbuseIPDB risk detection greylist.

New LeftoverLocals Vulnerability Threatens LLM Security on Apple, AMD, and Qualcomm GPUs

New York-based security firm Trail of Bits has identified a security vulnerability affecting various GPU models from AMD, Qualcomm, and Apple. This vulnerability, named LeftoverLocals, could potentially allow attackers to steal large amounts of data from a GPU's memory. Mainstream client GPUs form a sizable chunk of the hardware accelerating AI and LLMs, as they cost a fraction of purpose-built data-center GPUs and are available in the retail market. Unlike CPUs, which have undergone extensive hardening against data leaks, GPUs were primarily designed for graphics acceleration and lack a similar data privacy architecture. To our knowledge, none of the client GPUs use virtualization with their graphics memory. Graphics acceleration in general is a very memory-sensitive application, and requires SIMD units to have bare-metal access to memory, with as little latency as possible.

First the good news—for this vulnerability to be exploited, the attacker needs to have access to the target device with the vulnerable GPU (i.e. to have already cut through OS-level security). The attack could break down data silos on modern computers and servers, allowing unauthorized access to GPU memory. The potential data breach could include queries, responses generated by LLMs, and the weights driving the response. The researchers tested 11 chips from seven GPU makers and found the vulnerability in GPUs from Apple, AMD, and Qualcomm. While NVIDIA, Intel, and Arm first-party GPUs did not show evidence of the vulnerability, Apple, Qualcomm, and AMD confirmed to Wired that their GPUs are affected, and that they're working on a security response. Apple has released fixes for its latest M3 and A17 processors, but older devices with previous generations of Apple silicon remain vulnerable. Qualcomm is providing security updates, and AMD plans to offer mitigations through driver updates in March 2024.

LogoFAIL Vulnerability Affects Almost Every PC Running Windows and Linux

Binarly's research team has discovered a collection of security vulnerabilities known as "LogoFAIL", which affects image parsing components within the UEFI firmware of a wide array of devices. These vulnerabilities are especially concerning because they are embedded within the reference code provided by Independent BIOS Vendors (IBVs), affecting not just a single vendor but a broad spectrum of devices that utilize this code. LogoFAIL is particularly dangerous because it allows attackers to bypass crucial security measures such as Secure Boot and Intel Boot Guard by executing a payload during the device's boot process. This is achieved by storing malicious images on the EFI System Partition or within unsigned sections of firmware updates. This method can compromise system security deeply without altering the runtime integrity of the bootloader or firmware, unlike other threats such as BlackLotus or BootHole.

The potential reach of the LogoFAIL vulnerability is rather wide, with millions of consumer and enterprise-grade devices from various vendors, including Intel, Acer, and Lenovo, being vulnerable. The exact list of affected devices is still undetermined, but the prevalence of the IBVs' code across numerous devices suggests that the impact could be widespread, with both Windows and Linux users being affected. Only PCs that don't allow any logotype to be displayed in the UEFI during the boot process are safe. Apple's Macs are secure as they don't allow any add-on images during boot, and some OEM prebuilt PCs, like the ones from Dell, don't allow images in the UEFI. Some makers like Lenovo, AMI, and Insyde have already published notes about cautiously uploading custom images to the UEFI and are providing BIOS updates. Consumers and enterprises must check with their OEMs and IBVs for BIOS and microcode updates to patch against this vulnerability.
Below, you can see the proof of concept in a YouTube video.

AMD EPYC CPUs Affected by CacheWarp Vulnerability, Patches are Already Available

Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior-generation AMD EPYC CPUs. Tracked as CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits the underlying architectural weaknesses of AMD SEV, making it a broad threat to systems relying on this technology for security. The CacheWarp attack can bypass robust security measures like encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan with a hot-loadable microcode patch and updated the firmware image without any expected performance degradation. And for the remaining generations, AMD states that no mitigation is available for the first or second generations of EPYC processor (Naples and Rome) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity, and the SEV-SNP is not available.

Flexxon Announces Xsign, a Physical Security Key in USB or microSD/SD Card Formats

Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

"Downfall" Intel CPU Vulnerability Can Impact Performance By 50%

Intel has recently revealed a security vulnerability named Downfall (CVE-2022-40982) that impacts multiple generations of Intel processors. The vulnerability is linked to Intel's memory optimization feature, exploiting the Gather instruction, a function that accelerates data fetching from scattered memory locations. It inadvertently exposes internal hardware registers, allowing malicious software access to data held by other programs. The flaw affects Intel mainstream and server processors ranging from the Skylake to Rocket Lake microarchitecture. The entire list of affected CPUs is here. Intel has responded by releasing updated software-level microcode to fix the flaw. However, there's concern over the performance impact of the fix, potentially affecting AVX2 and AVX-512 workloads involving the Gather instruction by up to 50%.

Phoronix tested the Downfall mitigations and reported varying performance decreases on different processors. For instance, two Xeon Platinum 8380 processors were around 6% slower in certain tests, while the Core i7-1165G7 faced performance degradation ranging from 11% to 39% in specific benchmarks. While these reductions were less than Intel's forecasted 50% overhead, they remain significant, especially in High-Performance Computing (HPC) workloads. The ramifications of Downfall are not restricted to specialized tasks like AI or HPC but may extend to more common applications such as video encoding. Though the microcode update is not mandatory and Intel provides an opt-out mechanism, users are left with a challenging decision between security and performance. Executing a Downfall attack might seem complex, but the final choice between implementing the mitigation or retaining performance will likely vary depending on individual needs and risk assessments.

Zenbleed Vulnerability Affects All AMD Zen 2 CPUs

A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason Zenbleed is of concern is that it doesn't require a potential attacker to have physical access to the computer or server in question, and it's said to be possible to trigger the vulnerability by executing JavaScript on a webpage. This means that the attack surface ends up being massive, at least when we're talking about something like a web hosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins by triggering something called "the XMM Register Merge Optimization, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but because these registers are shared system-wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which are obviously the most exposed systems in question, and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.

AMD faulTPM Exploit Targets Zen 2 and Zen 3 Processors

Researchers at the Technical University of Berlin have published a paper called "faulTPM: Exposing AMD fTPMs' Deepest Secrets," showing that AMD's firmware-based Trusted Platform Module (fTPM) is susceptible to a new exploit targeting Zen 2 and Zen 3 processors. The faulTPM attack against AMD fTPMs exploits the AMD Secure Processor's (SP) susceptibility to voltage fault injection attacks. This allows the attacker to extract a chip-unique secret from the targeted CPU, which is then used to derive the storage and integrity keys protecting the fTPM's non-volatile data stored on the BIOS flash chip. The attack consists of a manual parameter determination phase and a brute-force search for a final delay parameter. The first step requires around 30 minutes of manual attention, but it can potentially be automated. The second phase consists of repeated attack attempts to search for the last remaining parameter and execute the attack's payload.

Once these steps are completed, the attacker can extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms, such as Platform Configuration Register (PCR) validation or passphrases with anti-hammering protection. Notably, BitLocker relies on the TPM as a security measure, so faulTPM compromises BitLocker-protected systems as well. The researchers state that Zen 2 and Zen 3 CPUs are vulnerable, while Zen 4 wasn't mentioned. The attack requires several hours of physical access, so remote exploitation is not a concern. Below, you can see the $200 system used for this attack and an illustration of the physical connections necessary.

Google's Project Zero Discovers 18 Zero-Day Vulnerabilities in Exynos Chipsets

Google's internal team Project Zero, dedicated to the discovery and patching of zero-day vulnerabilities in mobile hardware, software, web browsers and open source libraries, disclosed a series of vulnerabilities in Samsung's Exynos chipsets featured across a wide range of mobile devices. Four of these critical vulnerabilities allow for internet-to-baseband remote code execution, and testing conducted by Project Zero confirmed that an attacker can compromise a phone at the baseband level with only the victim's phone number. They believe that with sufficient skill an attacker could exploit these vulnerabilities completely silently and remotely. The fourteen other vulnerabilities are related but are considered less critical, as they require a more extensive setup including a malicious mobile network operator or local access to the targeted device.

Due to the severity of the four main critical vulnerabilities, Project Zero has delayed full disclosure of how the exploit works, stating:
Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.

Microsoft Releases Windows Patches, Fixes Actively Exploited Zero-Day Vulnerabilities

Microsoft today unleashed a slew of updates for its March Patch Tuesday to address around 80 security vulnerabilities. To begin, Windows 10 patches KB5023696 and KB5023697 address system and security issues in Windows 10 versions 22H2, 21H2, 21H1, 1809, and 1607 as well as Windows Server 2016. These are being deployed as non-optional updates and will be automatically installed via Windows Update (unless you run a modified or locked down install). Windows 10 1507 also received a small patch, KB5023713, which similarly includes security fixes as well as a fix for hyperlinks in Excel.

Microsoft today also released fixes for two critical zero-day vulnerabilities that were being actively exploited as far back as April of 2022. The two exploited vulnerabilities are CVE-2023-23397 and CVE-2023-24880. CVE-2023-23397 is an elevation-of-privilege vulnerability that allows crafting special emails which can force a target's device to connect to remote URLs and transmit the Windows account's Net-NTLMv2 hash. CVE-2023-24880 is a Windows SmartScreen vulnerability that can be exploited to create executables which bypass the Windows Mark of the Web security warning.

Phoenix Technologies Launches FirmGuard to Protect Against Firmware Vulnerabilities

Phoenix Technologies, a leading independent firmware supplier for PCs and computing devices, has launched FirmGuard, a cyber security product to address firmware vulnerability. Firmware is the software that connects a device's microchips to the operating system.

Phoenix Technologies is the first UEFI (Unified Extensible Firmware Interface) vendor to offer an enterprise cyber security product. FirmGuard is a cloud-based service, which has been initially targeted at managed service providers (MSPs). It will also be offered to large enterprise and government organizations.

QNAP Responds to Vulnerability Reports in Hikvision Cameras and Provides Recommendations to QNAP QVR Pro and QVR Elite Users

After a thorough investigation and verification process, QNAP Systems, Inc. (QNAP) today addressed vulnerability CVE-2021-36260 in Hikvision cameras and provides the following recommendations to QVR Pro and QVR Elite users who may be potentially affected. According to the security advisory by Hikvision, if these cameras are installed on the same LAN, and this network cannot be accessed externally, attackers will NOT be able to exploit this vulnerability.

Although this vulnerability does not directly affect QNAP surveillance products, it is highly recommended to update the firmware of the cameras listed in the advisory to reduce the possibility of being exposed to potential risks. These risks include, but are not limited to, failure to record from cameras that stop working, or receiving forged data from cameras.

ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core Processors

The x86 CPU family has been vulnerable to many attacks in recent years. With the arrival of Spectre and Meltdown, we have seen side-channel attacks affect both AMD and Intel designs. However, today we find out that researchers are capable of exploiting Intel's latest 10th, 11th, and 12th generation Core processors with a new CPU bug called ÆPIC Leak. Named after the Advanced Programmable Interrupt Controller (APIC) that handles interrupt requests to regulate multiprocessing, the leak is claimed to be the first "CPU bug able to architecturally disclose sensitive data." Researchers Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology), and Michael Schwarz (CISPA Helmholtz Center for Information Security) discovered this flaw in Intel processors.
ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.

A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk and therefore have to be patched.
