Security flaw discovered in the co
Table of contents:
We are still not recovering from what is happening with Specter and Meltdown , as a new vulnerability is discovered that is now affecting AMD processors.
Security flaw found in AMD Secure co-processor, would affect all AMD CPUs
The flaw has to do with the co-processor called AMD Secure and would be corrected only with a BIOS / UEFI / firmware update. This component, previously known as AMD PSP (Platform Security Processor), is a chip-on-chip security system, similar to the much-hated Intel Management Engine (ME).
Like the Intel ME, AMD Secure is an integrated co-processor that sits alongside the AMD64 x86 cores and runs a separate operating system tasked with managing various security-related operations for the data being processed.
The flaw was discovered by Cfir Cohen, a security researcher with the Google Cloud Security Team. The man claims to have found the vulnerability in the TPM (Trusted Platform Module) of the AMD Secure processor. This TPM is in charge of storing critical system data, such as passwords, certificates and encryption keys, in a secure environment and outside the easily accessible AMD cores.
The Google researcher reported the flaw to AMD in September, and AMD told the researcher in December that they had developed a patch and were preparing to release it. We are already in the month of January and we still have no news of that update.
This failure would be very similar to the aforementioned Intel ME, which in November allowed attackers to install rootkits and recover data from Intel Core processors.
We will keep you informed when we have more news on this matter.
Bleepingcomputer fontDiscovered a serious flaw in a Windows execution code
Discovered a serious flaw in a Windows execution code. Researchers at Google Project Zero discover a serious flaw.
Serious security flaw discovered in wd's my cloud nas drives
It turns out that this security flaw in devices with My Cloud NAS allows anyone to log in to the device with username mydlinkBRionyg and password abc12345cba.
Confirmed a security flaw in windows 10 and windows server 2016 discovered by the nsa
Confirmed a security flaw in Windows 10 and Windows Server 2016 discovered by the NSA. Find out more about this security flaw.