Rewterz

Rewterz Threat Alert – Thrip Continues To Hit High Level Targets In South Asia

September 12, 2019
Rewterz

Rewterz Threat Alert – Hidden Cobra uses Malware Variants – ELECTRICFISH & BADCALL

September 13, 2019

Rewterz Threat Alert – NetCat – Intel Server CPUs Side Channel Vulnerability

Severity

Medium

Analysis Summary

A side-channel vulnerability has been discovered in Intel Server CPUs that exploits the network performance-enhancing capabilities of recent Intel server CPUs. The vulnerability is named NetCat and uses these network performance-enhancing capabilities to potentially leak information transmitted during an SSH-protected session. It takes advantage of Data-Direct I/O (DDIO), a feature of recent Intel server-grade CPUs that allows peripherals to read/write from/to the fast (last-level) cache. It was introduced to improve performance of servers in high-speed network environments.

Using this vulnerability, an attacker on a remote system can, by merely sending packets to the targeted server, get information on the arrival timing of packets sent by a third system. After processing that information with statistical routines, an accurate decoding of text being typed on the third system can be created.

Impact

Sensitive Data Leakage

Affected Vendors

Intel

Affected Products

Intel Server CPUs

Remediation

  • Intel recommends that customers should disable DDIO, which is enabled by default.
  • Users should limit direct access from untrusted networks when DDIO & RDMA are enabled.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.