-
Also dropped today from TU Graz was
#ZombieLoad. ZombieLoad uncovers a novel Meltdown-type effect in previously unexplored fill-buffer logic. https://zombieload.com is dedicated to this vuln, w/ FAQ. Paper here: https://zombieloadattack.com/zombieload.pdf Exploit POC here:https://github.com/IAIK/ZombieLoadPrikaži ovu nit -
Blog post from Red Hat with technical detail on MDS vulns (with long deep-dive video): https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it … Blog post with technical detail on
#ZombieLoad: https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html … Intel advisory:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html …Prikaži ovu nit -
It's true beer enhance skills, this is what my current fork of
#ZombieLoad is able to do
- 64 bytes leaked from /etc/shadow in ~3 minutes
- leak url visited on a browser in the MacOS Host from Guest VM
Should be clear how important is, to update
cc @vu5ec@tugrazpic.twitter.com/IU78JJVA5s
-
#ZombieLoad is no joke. It has multiple practical attack scenarios across CPU privilege rings, OS processes, VMs, and SGX enclaves. Disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.Prikaži ovu nit -
The Transactional Asynchronous Abort (TAA) variant of
#ZombieLoad has just been published. Read the full report in our Blog: https://cyberus-technology.de/posts/2019-11-12-taa.html … -
Read about how my team updated our side channel vulnerability mitigation architecture, HyperClear. https://techcommunity.microsoft.com/t5/Virtualization/5-14-Hyper-V-HyperClear-Update/ba-p/566499 …
#ZombieLoad#HyperV#Intel#Azure -
From the director of the award-winning "Meltdown & Spectre" and "Foreshadow" comes the new thriller "ZombieLoad", now in your nearest Intel CPU.
#Zombieload https://zombieloadattack.com/ https://youtu.be/Oeb-O4yKK2c -
#ZombieLoad vulnerabilities impacting Intel Hardware
https://cards.twitter.com/cards/18ce53ypr6l/7d3fx … -
Using
#ZombieLoad to leak the root password hash from /etc/shadow within a few minutes (https://youtu.be/rKncAFAShkQ for high-resolution version in original speed)pic.twitter.com/oHPXY4sLDdPrikaži ovu nit -
#ZombieLoad: a new#Meltdown attack on#Intel CPUs leaking data which is currently loaded from memory - across programs, hyperthreads, SGX, and VMs.#MDS#cpufail#intelbug https://zombieloadattack.com /cc@mlqxyz@danielmgmi@jovanbulck@blitzclone@gonzodaruler@lavadospic.twitter.com/hpHlTh0ey8
-
After
#Meltdown and#Spectre: TU Graz researchers discover new security flaws.#ZombieLoad impacts on the security of#Intel processors. Patches developed last year are ineffective, new updates will be necessary. https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/nach-meltdown-und-spectre-tu-graz-forscher-entdecken-neue-sicherheitsluecken0/ …@misc0110@mlqxyz@lavados@tugraz_csbmepic.twitter.com/IDIYMbtPWc
-
Very nice interactive diagram at https://mdsattacks.com/ Perhaps most telling is how many uncolored parts remain to be explored..
#ZombieLoad#Fallout#RIDL#MDShttps://twitter.com/r00tkillah/status/1128503526613635073 …
-
Install new security updates: Since an international team lead by
@tugraz discovered the processor loophole#ZombieLoad there has been a software patch and new processors. But with a new variant of the old attack these are no longer safe either: https://www.tugraz.at/en/tu-graz/services/news-stories/media-service/singleview/article/zombieload-2-0-greift-auch-neue-prozessoren-und-software-patch-an0/ …pic.twitter.com/YswaWGBd9v
-
When I grow up I want to work in the Exploit Marketing Department™
#ZombieLoad pic.twitter.com/csrA5rDqyv
-
We have just released a dedicated security assessment for Intel’s Microarchitectural Data Sampling vulnerabilities (aka Zombieload) in
#MDATP#TVM#Zombieload https://aka.ms/Zombieload pic.twitter.com/E5vBdUvd8t
-
#WhatsApp breach,#Cisco's vulnerability,#ZombieLoad &#Microsoft bug - Today on#60SecCyber - Subscribe Now for Daily Content:
https://www.youtube.com/cyberhubengage
.
#WednesdayWisdom#CyberSecurity#Patching#Hacker#DataBreach#WinXP#WannaCry#phishing#dos#ransomware#malware#viruspic.twitter.com/cTGPSa1xPX -
Want to try out
#ZombieLoad? Check out https://github.com/IAIK/ZombieLoad#MDS#cpufail#intelbug /cc@misc0110@danielmgmi@jovanbulck@blitzclone@gonzodaruler@lavados -
Totally Practical Attack: if you run this on the latest fully patched SGX enclave (with HT enabled) (https://github.com/FICS/smcsgx/blob/master/send_enclave/send_enclave.cpp …), you can literally recover the shared secret of sgx_rijndael128GCM_encrypt using
#ZombieLoad -
We have catched three more zombies


for the RuhrSec training about "Microarchitectural Attacks"; this training will be given by some of the authors of #ZombieLoad. Save one of the last seats to get your vaccination now!
https://www.ruhrsec.de/2019/index.html#talks …https://twitter.com/misc0110/status/1128344467738644481 …
-
8% reduction in performance for Cascade Lake with the new #zombieload TAA mitigation (geometric mean of Ubuntu Linux performance tests) Holy crap that's a lot. https://www.phoronix.com/scan.php?page=article&item=zombieload-v2-taa&num=1 …#intel$intc#silicongang#AMD#cascadelakepic.twitter.com/qXwCUi71zH
Prikaži ovu nit
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.