Finnish cyber security company F-Secure has claimed it has found a security flaw in Intel’s Active Management Technology (AMT) which can allow a hacker to compromise a work laptop within seconds. AMT is Intel’s proprietary solution for remote access monitoring and maintenance of corporate-grade personal computers, created to allow IT departments or managed service providers to better control their device fleets.
The company said that in July 2017 Harry Sintonen, one of F-Secure’s Senior Security Consultants, discovered unsafe and misleading default behaviour within Intel’s AMT. “AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen’s discovery surprised even him,” the company said in a blog post.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” Sintonen
Intel is having a rough start to the year. Following the Meltdown and Spectre fiasco that is ongoing, F-Secure is piling on more bad news, saying Intel’s Active Management Technology (AMT) gives attackers an easily exploitable backdoor into potentially millions of laptops.
AMT is Intel’s proprietary solution to allow IT admins remote access monitoring and maintenance of corporate-grade systems. It is commonly found on business laptops, particularly those with Intel vPro processors. AMT has had its share of security issues in the past, but this new one is arguably the most concerning issue yet.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” said Harry Sintonen, senior security consultant at F-Secure.
It doesn’t take long to exploit the vulnerability, which is
Two hackers have pleaded guilty to federal cyber-crime charges for launching a cyberattack last year that knocked large parts of the internet offline.
Paras Jha and Josiah White were indicted by an Alaska court in early December, according to documents unsealed Wednesday.
Prosecutors accused the hackers of writing and using the Mirai botnet to hijack vulnerable internet-connected devices to launch powerful distributed denial-of-service (DDoS) attacks.
According to Jha’s plea agreement, the botnet ensnared more than 300,000 vulnerable devices.
The filing says that Jha “conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad,” and “demanded payment in exchange for halting the attack.”
DDoS attacks are a common way to disrupt online services, and often require little or no technical knowledge. The operator
Muscat: Oman is ranked fourth on Global Cyber Security Index and first in the Arab region, but cyber security challenges due to growing technology applications lie ahead.
Oman’s cyber government bodies Information Technology Authority (ITA) and Computer Emergency Readiness Team (CERT) have thwarted more than 70 million attacks this year, including malware, phishing and organised attacks.
Experts believe the fight against cyber crimes has just begun with advancing and more resilient threats.
“Cyber security is something that is ongoing all the time and does not sleep. We are working on it, but there is a lot more to be done. We have already drafted the data protection law, and we are working on regulations pertaining to the IoT (Internet of Things), smart cities and other developing technologies,” Salim Al Ruzaiqi, Head of ITA, told Times of Oman during the sixth Regional Cyber Security Summit (RCSS) being held in Oman on November 20 and
NEW DELHI: India was among the 99 countries affected by a global cyber attack that took down, among others, health services in the UK, a telecom network in Spain and government computer systems in Russia this weekend.
As many as 102 computer systems of Andhra Pradesh police were hacked on Saturday. The malware reportedly halted production at a Nissan-Renault Alliance plant on the outskirts of Chennai, but the company did not comment on the issue.
National Cyber Security Adviser in the Prime Minister’s Office Gulshan Rai told TOI: “About 100 systems were attacked but as of now there are no more threats.”
The international cyber attack was carried out using a malware called Wanna Decryptor or WannaCry. This is a “ransomware“, a digital extortion system that locks down systems by encrypting the data on it, only to decrypt and
The 77-page report covers information gained from Symantec’s Global Intelligence Network tracking over 700,000 global adversaries and records events from 98 million attack sensors in over 157 countries. But it also includes Endpoint Protection, Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources, generating more than nine trillion rows of security data.
For example, its email statistics were gathered from more than 2 billion emails each day, its website security from over 2.4 billion web requests each day, and its cloud and apps from Symantec CloudSOC security technology, which in 2016 safeguarded more than 20,000 cloud apps, 176 million cloud documents, and 1.3 billion emails.
Kevin Haley, director, Symantec Security Response, said, “New sophistication and innovation is the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus. Zero-day vulnerabilities and sophisticated malware are now used sparingly,
2016 was marked by extraordinary cyber attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the US electoral process by state-sponsored groups, say researchers.
Download this free guide
Data protection: Not just about personal data and compliance
From a hacker perspective, many organisations are still leaving the front door open and the windows unlocked. Failure to protect and handle data correctly can also result in punitive actions for companies participating in the digital economy. Wake up and get the knowledge to get protected.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.