Foreshadow and The Like: Recent Vulnerabilities

Posted on Thursday, August 16, 2018
By Craig Lodzinski
Chief Technologist



Over the last week the great, the good, and the not so good of the infosec community descended upon Las Vegas for the two biggest conferences in the industry - Black Hat and DEF CON. With researchers looking to present their best work to the biggest possible audience, the news coming out of these conferences has naturally been thick and fast. We've summed up the biggest and most interesting titbits revealed in Vegas in one easy-to-digest article.

Inside Intel

After Spectre and Meltdown had such a huge impact last year, it goes without saying that researchers have been looking for similar flaws, and have accelerated their previous, parallel work on Intel CPUs having seen the response to Spectre and Meltdown.

One such vulnerability (or more accurately, a set of three) is Foreshadow, another speculative execution attack, this time targeting the secure enclave. Unlike Spectre and Meltdown, Foreshadow can attack Intel's SGX technology and virtual machines, as well as the OS kernel, and does not require a side-channel vulnerability in the enclave memory in order to be effective.

While it is another reminder of the security issues surrounding modern processor architectures, Foreshadow has been responsibly disclosed, and patches have already been released to mitigate this vulnerability. There have been no attacks seen using these vulnerabilities in the wild.

Lost your Marbles?

US government investigators, alongside industry researchers, have revealed details of 'KEYMARBLE', a Remote Access Trojan (RAT) attributed to the 'Hidden Cobra' group of hackers, which is linked to the government of North Korea. Likely used for targeted espionage and sabotage, KEYMARBLE dials back to the North Korean command and control servers to receive instructions once it has got its hooks into the target machine.

US-CERT have published an in-depth report and mitigation advice, but we see limited risk to our customers from this malware, as Hidden Cobra normally attacks politically motivated targets in the US and South Korea.

Faxploitation

A bit of a niche one, this - researchers at Check Point have discovered a vulnerability, called 'Faxploit', which uses just a fax number to attack a machine and the wider network it is connected to. The research was conducted on HP All-in-One printers with fax functionality, but it is believed that other machines and types of fax functionality may be vulnerable. The attack can trigger a buffer overflow which allows for remote code execution.

There have been no attacks seen in the wild using this method, and thanks to responsible disclosure, HP have already provided patches to close this off. However, as our environments become increasingly interconnected with IoT devices and more, attacks like this highlight the importance of good security practice and network segmentation.

Pwnie Express

To finish, let's have a run through the winners (or maybe that should be losers) of the annual Pwnie Awards, which celebrate the biggest achievements and failures of the security community. Some of the names should be no surprise.

Spectre and Meltdown took the awards for Most Innovative Research and Best Privilege Escalation Bug, beating off the competition thanks to the widespread impact and groundbreaking nature of the research involved.

Michal Zalewski took home the Lifetime Achievement award, thoroughly deserved after a long career in security research. If you're not familiar with American Fuzzy Lop or the book 'Silence on the Wire', they're worth the time to look into.

Finally, the award nobody wants to take home, the Pwnie for Lamest Vendor Response, was hotly contested, but ultimately went to Bitfi, the 'unhackable' Bitcoin wallet backed by John McAfee (who else?) that was, in reality, child's play to break into. Bitfi of course responded by claiming that multiple attackers showing they could easily root the device doesn't mean it was compromised. Another story of what happens when you engineer for buzzwords and PR rather than positive technology outcomes.

Get in Touch

There's much more that has been revealed, and much more still to come, but these are the main talking points we've seen so far. If you have any questions or just want to talk security, please get in touch below or contact your Softcat Account Manager.
