
A new side-channel vulnerability called PortSmash has been discovered that uses a timing attack to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core as their exploit. SMT/Hyper-threading is when one physical CPU core is split into two virtual logical cores that can be used to run two separate process threads at once. This method can increase performance as the two threads will utilize idle CPU resources more efficiently to execute instructions faster. A side-channel timing attack is when an attacker analyzes how fast a thread executes particular instructions and utilizes that information to work backward to discover what data was used as input. The PortSmash vulnerability was discovered by researchers Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, and Nicola Tuveri from the Tampere University of Technology in Finland and Alejandro Cabrera Aldaya from the Universidad Tecnologica de la Habana CUJAE in Cuba. An advisory was made to the OSS-Sec mailing list and their research has been submitted as a paper titled "Port Contention for Fun and Profit" as an IACR eprint, which is currently awaiting moderation before it's released. Learn more on this security update by visiting OUR FORUM.

Kevin Backhouse, a researcher from U.S.-based security company Semmle, has uncovered six software vulnerabilities in Apple’s XNU operating system kernel, which is used in all of Apple's devices. The vulnerabilities have affected more than 1.3 billion devices worldwide. According to the Semmle researcher, the critical vulnerabilities exist in the XNU kernel used by Apple’s iOS, macOS, tvOS and watchOS operating systems. Backhouse said attackers could use these low-level software flaws to remotely take control of any Apple device on the same network. The vulnerabilities exist in the kernel’s networking code and its client-side Network File System (NFS) implementation. The first vulnerability is a heap buffer overflow flaw in the ICMP packet-handling module of the XNU kernel’s networking code (CVE-2018-4407). An attacker could use this bug to run arbitrary code on a user’s machine, extract data, or cause a reboot. Backhouse also warned that because the flaw can be so easily exploited, it could be automated as a denial-of-service attack, which may then crash all affected devices on a network, potentially shutting down an entire organization. User interaction is not required for attackers to be able to take advantage of this vulnerability. The five bugs the researcher found in Apple’s NFS implementation could also allow attackers to read, write and delete files on a user’s NFS-mounted drive, as well as install applications or wipe the device entirely. The NFS implementation bugs primarily affect macOS machines. More can be found on OUR FORUM.

Things might have gone badly wrong for Microsoft with the Windows 10 October 2018 Update, but the company is working hard on the next big feature release out next spring. Build 18272 (19H1) pushed out to Insiders on the Fast ring today (and also available in ISO form) includes some input improvements and new sign-in options for Windows Hello. SwiftKey’s AI technology supports more languages from this build, and Indic Phonetic keyboards are now available. The Sign-in options in Settings have been simplified to make it easier for you to choose the best method for your needs.
There have also been some improvements made to the Snip & Sketch app, and Sticky Notes has been updated to 3.1 with a full-on dark mode and faster syncing.
General changes, improvements, and fixes in this build include:
Microsoft is rolling out a feature where, if you right-click on a group name or tile folder in Start, you will now have an option to unpin it. Currently, 50 percent of Insiders will have this option.

AOC monitors are a favorite of mine. While they may not be the top of the line, these reliable displays offer a lot of "bang for your buck." In other words, they are budget-friendly, allowing you to save money. If you are a system builder, you know that money saved on a display can be used towards PC components, such as RAM, storage, etc. If you want one of those fancy new curved monitors, today, AOC launches a new model. The C32V1Q, as it is called, features a 32-inch screen. While a big display is appreciated, please know, the resolution is just 1080p. While that should be OK for gaming, you might experience blurry text during general use. Personally, I don't like to exceed 24-inch with 1080p, but ultimately, the consumer needs to make that decision. "The C32V1Q is AOC’s newest curved monitor. The monitor features a minimalistic well-built design with a glossy black body, metallic silver finish and sleek curves. The curved ultra-slim frameless design is perfect for multi-display viewing and enables seamless multi-monitor setups designed to boost productivity. The borderless display offers a detailed 1920x1080 resolution and 60Hz refresh rate. The VA panel has viewing angles of 178 degrees, allowing users to enjoy consistent color uniformity and accuracy at all angles. The display also has a 20M:1 dynamic contrast with a 4ms response time, and features several different inputs, including one VGA, one DisplayPort and one HDMI for connectivity of all users’ high-quality digital video and audio devices," says AOC. We have more including price posted on OUR FORUM.

Windows 10 UWP bug allowed full file system access without asking permission
A report by BleepingComputer has shed light on a Windows 10 bug that granted certain Universal Windows Platform (UWP) apps full access to a device’s file system, a great deal more than the expected limited file access. UWP apps are allowed to request this extra access; however, they are expected to explain to Microsoft what the access will be used for when submitting the app to the store. UWP apps that use this extra access are also supposed to prompt a settings screen with the ability to enable this access when the app is first used. Unfortunately, this screen wasn’t being prompted correctly and it doesn’t appear as if Microsoft is being that strict with app developers submitting such apps to the store. This settings prompt bug has apparently been fixed in the Windows 10 October 2018 Update, though that update has been delayed due to some other, unrelated bugs. You can read more about the nitty-gritty of this issue, and view some code samples, over on BleepingComputer.
Source: onmsft.com

No matter how robust an operating system is, it is difficult for it to be completely free of possible threats. Given that cybercriminals are constantly reinventing themselves, it follows that the same goes for cyberthreats. It is a constant cycle where any delay or slip-up can open up new points of entry for unwanted visitors. And if operating systems are vulnerable, the companies using them are also vulnerable. In many cases, companies entrust their corporate cybersecurity to a single piece of default software; but experience shows that this is not enough. We now have yet more proof of this. And what’s more, it affects a huge number of companies all over the world.
The vulnerabilities in Windows 10
This is exactly what has happened to Windows 10. Several vulnerabilities were found in this new version of the most widely used operating system in the world almost as soon as it was launched. But it has now set alarm bells ringing once again. In this case, the vulnerability is in ExploitGuard CFA File Creator, a tool provided by Windows in order for users to monitor the changes that certain programs are able to make to files within specific folders. The intention behind this tool was clear: it would allow the user to control possible unwanted access, and to avoid possible attacks from untrusted programs. And, put bluntly, the results couldn’t have been more counterproductive. As cybersecurity expert Soya Aoyama has demonstrated, there is a way to insert a malicious DLL so that, when Internet Explorer (which is on the CFA’s list of trusted programs) is run, ransomware can be inserted into the protected folders. I.e., this cyberattack takes advantage of a piece of software that is apparently harmless (Internet Explorer) in order to get into these folders. The worst thing about this may be the fact that, so far, Windows Defender, which has already had one or two problems itself, hasn’t been able to detect this problem on its system. And it doesn’t stop there: when Aoyama disclosed this vulnerability, the company didn’t feel it necessary to launch a patch, since, in their opinion, in order for the risk to be real, unauthorized access must have taken place before the DLL was launched. If we apply this to a corporate environment, the risks are clear. At the moment when the DLL arrives in an employee’s protected folders, it could set off a chain of attacks in the rest of the company, causing a serious corporate cybersecurity problem.