NetCAT Vulnerability Is Out of the Bag

  /     /     /  
Publicated : 23/11/2024   Category : security


NetCAT Vulnerability Is Out of the Bag


Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.



A new side-channel vulnerability it out, but this one comes with a twist: Rather than exploiting weaknesses in speculative execution routines within the CPU, the vulnerability — named NetCAT by the researchers who found it — uses performance-enhancing networking capabilities to potentially leak information transmitted during an SSH-protected session.
NetCAT, discovered by Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi, of ETH Zurich, Switzerland, takes advantage of Data-Direct I/O (DDIO), a feature of recent Intel server-grade CPUs that allows peripherals to read/write from/to the fast (last-level) cache. It was introduced to improve performance of servers in high-speed network environments.
With NetCAT, an attacker on a remote system can, by merely sending packets to the targeted server, get information on the arrival timing of packets sent by a third system. After processing that information with statistical routines, an accurate decoding of text being typed on the third system can be created.
Intel has acknowledged the validity of the vulnerability and paid a bounty to the researchers. It recommends customers disable DDIO, which is enabled by default, to mediate the vulnerability.
Read more 
here
and
here
.
Check out 
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
Community Projects Highlight Need for Security Volunteers
.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NetCAT Vulnerability Is Out of the Bag