F-Secure researchers have developed a new tool to carry out cold boot attacks which could allow attackers to steal encryption keys and other sensitive information from devices left in sleep mode.
The firm’s Principal Security Consultant Olle Segerdahl and his fellow cybersecurity consultant Pasi Saarinen developed an attack to bypass BIOS mitigations by exploiting a weakness in how computers protect firmware on Apple, Dell, Lenovo and all other models made in the last 10 years, according to a Sept. 13 blog post.
This is because when a computer is reset without the proper procedure, critical information remains in the random access memory (RAM) after the device loses power. Their attack also bypasses some existing mitigations for cold-boot attacks on laptops.
“The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware,” the post said. “Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.”
Segerdahl referred to sleep mode as “vulnerable mode,” as an attacker with physical access to the device can simply manipulate the firmware settings and perform a cold reboot from the USB stick to obtain the encryption keys from memory.
Fortunately, the attacks aren’t simple to carry out and require physical access. However, because the technique is known to hackers and is effective on nearly all modern laptops, the researchers say companies should still take heed.
To prevent such threats, the researchers recommend that companies require PIN entry when computers are restored or powered up, force computers to shut down or hibernate, keep laptops physically safe and report missing devices, and have incident response plans in place for dealing with missing devices.
“Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer,” Segerdahl said in a press release. “And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with.”
The researchers have shared their findings with Microsoft, Intel, and Apple and said all three companies are exploring possible mitigation strategies. The researchers also helped Microsoft update its guidance on BitLocker countermeasures.