Malware POC Analysis exploiting Spectre and Meltdown flaws

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on Spectre POC Malware Analysis
I couldn’t believe this story from securityaffairs.co that believes Malware exploits Spectre, crash flaws may come by proof-of-concept analysis. Researchers at AV-TEST, an anti-virus testing company, have uncovered more than 130 malware samples specifically developed to exploit the Spectre and Meltdown CPU vulnerabilities.
The good news is that these samples seem to be the result of testing activities, but experts are worried that we will soon begin to observe the field attacks.
Most of the code obtained by AV-TEST is just a recompiled version of the proof-of-concept (PoC) code provided online. AV-TEST’s experts also found the first JavaScript PoC code for the browser in our databases, such as IE, Chrome or Firefox.
“We also found the first JavaScript PoC code in our database for web browsers like IE, Chrome or Firefox,” said Andreas Marx, chief executive of AV-TEST, to Security Week.
Meltdown attacks could allow an attacker to read the entire physical memory of a target machine, steal credentials, personal information, and more.
Spectre
Cracking exploits speculative execution to break the isolation between user applications and operating systems so that any application has access to all of the system memory. Spectre attacks allow user-mode applications to extract information from other processes running on the same system. It can also be used to extract information from your own processes via code, for example, you can use malicious JavaScript to extract login cookies from other browsers’ memory.
Spectre attacks break the isolation between different applications, allowing information to leak from the kernel to the user program and from the hypervisor to the guest system.
On January 17, AV-TEST’s experts reported that they have found 77 samples of malware that are clearly related to Intel’s vulnerability.
Read more…
Malware Exploiting Spectre, Meltdown Flaws Emerges Researchers at the antivirus testing firm AV-TEST have discovered more than 130 samples of malware that were specifically developed to exploit the Spectre and Meltdown CPU vulnerabilities. The good news is that these samples appear to be the result of testing activities, but experts fear that we could soon… Engaging post, Read More…
thumbnail courtesy of securityaffairs.co
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post Malware POC Analysis exploiting Spectre and Meltdown flaws appeared first on Safe Harbor on Cyber.

Powered by WPeMatico

convert this post to pdf.