Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023
Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – COVID-19 Phishing Email Campaign
April 21, 2020Rewterz Threat Alert – APT41 (PIGFISH) Global Campaign Continues
April 21, 2020
Severity
Medium
Analysis Summary
Xilinx 7-series and some 6-series FPGAs are discovered to be vulnerable to new Starbleed vulnerability. It’s a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can be added to a computer system, (such as a regular desktop, a high-performance server) or can be used as standalone systems. They are small integrated circuit boards designed to run very specific code that is programmed inside the FPGA by the device owner based on their own needs.
FPGAs are used to optimize performance by running certain operations on the FPGA instead of the main CPU, and then pass the results back to the CPU. FPGAs are also used as a separate system-on-a-chip (SoC) that can be used to power smart devices or critical infrastructure equipment. FPGA chips can be found in many safety-critical applications today, from cloud data centers and mobile phone base stations to encrypted USB-sticks and industrial control systems. Their decisive advantage lies in their reprogrammability compared to conventional hardware chips with their fixed functionalities. Researchers say the Starbleed vulnerability allows an attacker to crack the bitstream encryption and tamper with the operations stored inside the bitstream, allowing the attacker to load their own malicious code on vulnerable devices.
Starbleed attacks require physical access to the FPGA’s JTAG port; however, if the FPGA bitstream is loaded from a microcontroller or another network source, attacks can be carried out remotely by targeting the location from where the bitstream is loaded, which in many cases may be available over a network or the internet. The new generation of Xilinx UltraScale boards is not susceptible to this attack.
Impact
Malicious code execution on vulnerable devices
Affected Products
- Xilinx 7-series FPGA chips
- Some 6-series FPGA chips
Remediation
- Take measures to ensure that threat actors don’t have physical access to FPGA components and their debugging/configuration ports.
- Consider replacing the FPGA altogether, as the encryption and bitstream mechanism is designed to work at a hardware level and would require a silicon chip redesign.
- Use a chipset that uses a more advanced encryption scheme for the bitstream configuration.