Mastodawn

simplyblock Aug 2, 2024

🚨 Podcast Alert 🚨
This week's episode is special! We talked to Michael Schwarz, from CISPA, who personally was involved with the research of CPU attacks such as #Meltdown, #Spectre and #CacheWarp.

Don't miss this episode.

Find links to #Youtube, #Spotify, and more on our show page: https://www.simplyblock.io/cloud-commute-podcast

Cloud Commute | simplyblock.io

Cloud Commute is your weekly 20 minute podcast, talking with guests about all things cloud, storage, security, Kubernetes, and others.

simplyblock.io

SCHUTZWERK GmbH Nov 24, 2023

Researchers at CISPA Helmholtz Center and Graz University of Technology uncovered the "CacheWarp" exploit (https://cachewarpattack.com/). Our colleague Youheng Lü is one of the researchers who found it. A single write drop can empower attackers to seize control using openssh and sudo. Youheng shares his insights and explains exploitation of CacheWarp in our blogpost: https://www.schutzwerk.com/blog/cachewarp/ #cybersecurity #CacheWarp #AMDSEV #technology

CacheWarp

Marcel SIneM(S)US Nov 16, 2023

#CacheWarp: Loch in Hardware-Verschlüsselung von #AMD-CPUs | Security https://www.heise.de/news/CacheWarp-Loch-in-Hardware-Verschluesselung-von-AMD-CPUs-9528270.html

CacheWarp: Loch in Hardware-Verschlüsselung von AMD-CPUs

Der jetzt vorgestellte CacheWarp-Angriff überwindet die RAM-Verschlüsselung, mit der AMD-Prozessoren Cloud-Instanzen voneinander abschotten wollen.

heise online

DACBARBOS Brand Nov 15, 2023

After AMD's #CacheWarp https://cachewarpattack.com, here comes INTEL's #Reptar https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html #cpu #infosec

CacheWarp

Stefan Gast Nov 15, 2023

Congrats to Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lu, Andreas Kogler and @misc0110 for #CacheWarp: https://cachewarpattack.com/

CacheWarp

ottoto Nov 15, 2023

「 #CacheWarp 攻撃: #AMD #SEV の新たな #脆弱性により暗号化された VM が公開される」： The Hacker News

「学者グループは、AMD の Secure Encrypted Virtualization ( SEV ) テクノロジに対する新たな「ソフトウェア障害攻撃」を明らかにしました。この攻撃は、脅威アクターによって悪用されて、暗号化された仮想マシン (VM) に侵入し、さらには権限昇格を実行する可能性があります。

この攻撃は、CISPA ヘルムホルツ情報セキュリティセンターとグラーツ工科大学の研究者によってCacheWarp (CVE-2023-20592)というコード名が付けられました。これは、SEV のすべてのバリアントをサポートする AMD CPU に影響します。」

https://thehackernews.com/2023/11/cachewarp-attack-new-vulnerability-in.html

#prattohome #TheHackerNews

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

Researchers uncover new "CacheWarp" attack on AMD's SEV technology. It could lead to privilege escalation in encrypted VMs.

The Hacker News

Dennis "D.C." Dietrich Nov 14, 2023

"A new software-based fault injection attack, #CacheWarp, can let threat actors hack into #AMD #SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution."
#PrivilegeEscalation #FaultInjectionAttack #CyberSecurity #vulnerability #VirtualMachines
https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/

New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.

BleepingComputer

DFN-CERT Nov 14, 2023

#CacheWarp (CVE-2023-20592) allows remote code execution and privilege escalation in targeted VMs that rely on AMD Secure Encrypted Virtualization (SEV).

https://cachewarpattack.com/
cheers #cispa, #tugraz

Microcode updates available by AMD for 3rd Gen AMD EPYC Processors. No mitigation for 1st and 2nd Gen.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html