Forwarded from TechToday News
#Hardware #Vulnerability #Report
Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Multiple vulnerabilities in Intel Manageability Engine Firmware allow local arbitrary code execution & privilege escalation.
⚠️ Upgrade your CPU firmware
Summary:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.
Description:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.
Affected products:
🔹 6th, 7th & 8th Generation Intel® Core™ Processor Family
🔹 Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
🔹 Intel® Xeon® Processor Scalable Family
🔹 Intel® Xeon® Processor W Family
🔹 Intel® Atom® C3000 Processor Family
🔹 Apollo Lake Intel® Atom Processor E3900 series
🔹 Apollo Lake Intel® Pentium™
🔹 Celeron™ N and J series Processors
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086
Forwarded from TechToday News
#Hardware #RF #SDR #Hack #Security #Report #Tool
TEMPESTSDR: AN SDR TOOL FOR EAVESDROPPING ON COMPUTER SCREENS VIA UNINTENTIONALLY RADIATED RF
Thanks to RTL-SDR.com reader 'flatflyfish' for submitting information on how to get Martin Marinov's TempestSDR up and running on a Windows system. If you didn't already know, by definition "TEMPEST" refers to techniques used by some spy agencies to eavesdrop on electronic equipment via their unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example, the unintentional signals from a computer screen could be captured and converted back into a live image of what the screen is displaying.
TempestSDR is an open-source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen and turn that signal back into a live image. This can let you view what is on a screen without any physical connections. If a high-gain directional antenna is used, then it may be possible to receive images from several meters away as well.
https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/
https://github.com/martinmarinov/TempestSDR
https://youtu.be/mBJ6uQZsF9c
BBC Micro Live, last series, programme 4, 1986-11-14
https://www.youtube.com/watch?v=AbaV2sWrsZc
NSA TEMPEST Attack can remotely view your computer and cell phone screen using radio waves!
https://climateviewer.com/2014/01/18/nsa-tempest-attack-can-remotely-view-computer-cellphone-screen-using-radio-waves/
Forwarded from TechToday News
#Hack #Security #Report
Hacker Selling Database of 159 Million Clients Leaked from LinkedIn Online
This morning, January 30th, 2019, an unknown hacker going by the name of “Andrew” released an online statement through the Pastebin web service, allegedly announcing the hack of 159 million clients belonging to LinkedIn. As a so-called “Proof of Concept,” the hacker has released a sample list of 100 clients along with their account login credentials, serving as proof that the leaked data is in fact real – including the credentials of high-profile international CEOs.
Location of Raw Leak:
https://pastebin.com/sXPPyFYk
Location of LinkedIn Database for Sale:
https://rocketr.net/buy/bfd77635ea0a
List of Other Databases for Sale:
https://pastebin.com/x9ECRdis
Backup from Today’s Leak:
https://roguemedialabs.com/wp-content/uploads/2019/01/sXPPyFYk.pdf