deltatux 

During this year's #BlackHat conference, security researcher Daniel Moghimi is set to present "Downfall", a new speculative execution vulnerability found in Intel processors from 2014-2023.

This new speculative execution vulnerability if exploited could allow attackers steal encryption keys & passwords.

Intel noted that they haven't seen this vulnerability being exploited in the wild and that detection is difficult.

Moghimi stated that exploiting was relatively easy, he goes on to say:

When I discovered this vulnerability, it took me maybe a couple of weeks to come up with attacks that work. I was just a one-person researcher without any resources, you can imagine if you have a team of black hat hackers, you can probably do a lot more with it.While the flaw exists in hardware, Intel has provided microcode updates & the #Linux kernel maintainers have published mitigations for this flaw in today's kernel release.

#infosec #cybersecurity #DOWNFALL #speculativeexecution #Intel #CPUBug

- https://cyberscoop.com/downfall-intel-cpu-vulnerability/
- https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/

‘Downfall’ vulnerability leaves billions of Intel CPUs at risk 

A vulnerability in Intel’s x86 chips major raises questions about the assumptions underlying computer security models.

CyberScoop
Aug 8, 2023 at 7:15pmWeb