Intel is having a rough start to the year. Following the Meltdown and Spectre fiasco that is ongoing, F-Secure is piling on more bad news, saying Intel’s Active Management Technology (AMT) gives attackers an easily exploitable backdoor into potentially millions of laptops.
AMT is Intel’s proprietary solution to allow IT admins remote access monitoring and maintenance of corporate-grade systems. It is commonly found on business laptops, particularly those with Intel vPro processors. AMT has had its share of security issues in the past, but this new one is arguably the most concerning issue yet.
“The attack is almost deceptively simple to enact, but it has incredible destructive potential. In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures,” said Harry Sintonen, senior security consultant at F-Secure.
It doesn’t take long to exploit the vulnerability, which is
Flashpoint researchers spotted Russian speaking cyber-criminals using Voice over Internet Protocol (VOIP) services to bypass phone call transaction verifications.
Researchers spotted three VOIP services Narayana, SIP24, and SIP Killer being sold in cyber-criminal forums and used to make online purchases using compromised bank or online retail accounts, according to a 15August blog post.
Narayana boast a long list of features including support for Session Initiation Protocol, SIM cards based on the global system for mobile communication, and free iNum number for each user. Researchers say Narayana’s ease of use and affordability add to its appeal.
SIP24 has features similar to Narayana but is available by invitation only has reportedly higher call quality, and has additional features and restrictions aimed to bolster security. SIP Killer is used primarily to enable “call-flooding” or to send high volumes of call traffic over VOIP services to render call service unavailable.