Google Finds New Exploit That Alters Chip Memory


Latest Rowhammer Technique Targets Design Flaws in Modern DRAM Chips

Source: Google Security Blog

Researchers at Google have identified a new Rowhammer technique, dubbed Half-Double, which exploits design flaws in modern DRAM chips to alter their memory content.


First discovered in 2014, Rowhammer is a DRAM vulnerability in which repeated access to one address can tamper with data stored in other addresses.

“Much like speculative execution vulnerabilities in CPUs, Rowhammer is a breach of security guarantees made by the underlying hardware. As an electrical coupling phenomenon within the silicon itself, Rowhammer allows the potential bypass of hardware and software memory protection policies. This can allow untrusted code to break out of its sandbox and take full control of the system,” the researchers at Google note.

The 2014 paper, however, discussed DDR3, the mainstream DRAM generation at the time. In 2015, the Mountain View, California-based company’s Project Zero, which was tasked with finding zero-day vulnerabilities, released an exploit that escalates working privilege.

In response to the exploit, chip manufacturers implemented proprietary logic in their products that attempted to track frequently accessed addresses and reactively mitigate when necessary.

2014 saw the release of DDR4, which included built-in defense mechanisms, seemingly marking the end of Rowhammer.

In 2020, however, a paper on TRRespass…


New survey finds that password hygiene amongst cybersecurity leaders is lacking | 2021-05-21



Body-worn video technology finds new use cases in the private sector


Over the past two years, security technology and public safety policy and transparency have violently bumped symbolic heads. The shadow of body-worn video surveillance cameras has driven the public perception of deadly police encounters, primarily within the Black community and beyond. This recent exposure has put the technology on equal footing with myriad previous incidents that have grabbed headlines across the country and motivated a movement to mitigate these tragic encounters. As body-worn camera (BWC) proponents have long lauded the visceral perceived benefits to the public safety sector, there has been a steady migration of body-worn devices to other environments in the municipal and commercial business world.

Expanding Use Cases for BWC

Police body-worn cameras have become a high-profile item. Courtesy of Axon

Municipal agencies are seeing body-worn devices work their way into fire departments, courthouses, and onto the uniforms of emergency medical technicians, while on the commercial side, BWC solutions have infiltrated manufacturing plants, retail stores, warehouse facilities, healthcare and school facilities. The technology has even penetrated everything from private security officer companies to big-box retailers like Walmart, which issues proprietary body-worn cameras to monitor its In-Home delivery service team in at least three states around the country where drivers have access to private homes of absent owners to deliver perishable groceries directly inside waiting refrigerators.

In a recent interview with the Seattle Times, Rick Smith, founder of Axon, a leading manufacturer of BWC solutions, remarked that even though cameras like the GoPro have typified the consumer body-worn camera market for years, his company and others have gained traction with clients because their technology is better suited for evidence gathering, given its 12-hour, full-police-shift battery life and delivery of accurate, non-erasable footage — even in low light — and crisp audio along with secure storage options.

Unlike the consumer-grade recreation BWC technology, vendors like Axon, Axis Communications and Tyco Exacq have specialized in integrating advanced data management platforms…


Kaspersky finds zero-day exploit in Desktop Window Manager


In early 2021, Kaspersky’s researchers, upon further analysis of the already reported CVE-2021-1732 exploit used by the BITTER APT group, discovered another zero-day exploit. The experts are currently unable to link this exploit to any known threat actor.

A zero-day vulnerability is basically an unknown software bug. Once identified and discovered, such bugs allow attackers to conduct malicious activities in the shadows, resulting in unexpected and destructive consequences.

While analyzing the CVE-2021-1732 exploit, Kaspersky experts found another such zero-day exploit and reported it to Microsoft in February. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.

According to the researchers, this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit, found in Desktop Window Manager, allowing the attackers to execute arbitrary code on a victim’s machine.

It is likely that the exploit is used together with other browser exploits to escape sandboxes or obtain system privileges for further access.

Kaspersky’s initial investigation has not revealed the full infection chain, so it is not yet known whether the exploit is used with another zero-day or coupled with known, patched vulnerabilities.

“The exploit was initially identified by our advanced exploit prevention technology and related detection records. In fact, over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and time again. We will continue to improve defenses for our users by enhancing our technologies and working with third-party vendors to patch vulnerabilities, making the internet more secure for everyone,” comments Boris Larin, security expert at Kaspersky.

More information about BITTER APT and IOCs is available to customers of the Kaspersky Intelligence Reporting service.

A patch for the elevation of privilege vulnerability CVE-2021-28310 was released on April 13th, 2021.

Kaspersky products detect this exploit with the following verdicts: