Encrypted virtual machines at risk of novel CacheWarp attack

16 November 2023

Threat actors could compromise encrypted virtual machines and facilitate privilege escalation efforts through the new CacheWarp attack involving the exploitation of a vulnerability impacting AMD’s Secure Encrypted Virtualization technology, tracked as CVE-2023-20592, according to The Hacker News. While AMD’s SEV-SNP technology, which integrates Secure Nested Paging, includes robust memory integrity defenses, such protections could be bypassed by CacheWarp by abusing the INVD instruction leveraged for removing cache content within a processor, a report from CISPA Helmholtz Center for Information Security and Graz University of Technology researchers revealed.

Source: SC Magazine

Date:

16 November 2023

Categorie(s):

NEWS

Tag(s):

Encrypted, IT, News

Celebrating our 12th Anniversary at RSA conference 20245 May 2024
Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024
Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement5 May 2024