Thursday, January 28, 2021
Techiexpert.com
No Result
View All Result
  • Login
  • Register
  • Home
  • Tech news
  • Startups
  • AI
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • ML
  • Blogging
Techiexpert.com
No Result
View All Result

SafeBreach Discovers Critical Vulnerability In HP Touchpoint Analytics

Srikanth by Srikanth
October 10, 2019
in Tech news
Reading Time: 2min read
A A
0
SafeBreach Discovers Critical Vulnerability In HP Touchpoint Analytics
9
SHARES
127
VIEWS
Share on FacebookShare on Twitter

Newly discovered supply chain attack vector on commonly-used open-source hardware diagnostics systems could expose users to a major security risk.

SafeBreach, the leader in Breach and Attack Simulation (BAS), today announced that its SafeBreach Labs research team had discovered a critical security vulnerability in Open Hardware Monitor, a free open source software program that monitors temperature sensors, fan speeds, voltages, load and clock speeds of a computer. Tens of millions of computers use Open Hardware Monitor as part of monitoring systems, including HP Touchpoint Analytics. The critical vulnerability was the second of its type found by SafeBreach Labs during the past four months. Previously, SafeBreach Labs discovered a vulnerability in PC-Doctor, a monitoring and diagnostics packaged licensed to Dell and other major OEMs, that is run on hundreds of millions of systems. Both offer attackers the capability to take over machines and read and write to device memory, among the most serious types of security risks.

“These types of vulnerabilities are alarming because they indicate the ease with which malicious hackers could mount supply-chain attacks targeting and breaching highly trusted elements of our software ecosystem,” says Itzik Kotler, CTO and Co-Founder at SafeBreach. “And this should be a clear signal to security teams that they need to increase their frequency of testing and analysis of their security envelope in order to match the pace of criminals who are constantly innovating ways to hack into the most vulnerable parts of IT systems.”

HP TouchPoint Analytics ships as a default monitoring component of most HP Windows laptops and desktops. HP patched the vulnerability but  SafeBreach researchers believe that any machine using the Open Hardware Library was at risk.

ADVERTISEMENT

A number of potential attacks could result from exploiting this vulnerability giving attackers the ability to load and execute malicious payloads using a signed service, effectively whitelisting those applications. This capability for “Application Whitelisting Bypass” and “Signature Validation Bypassing” might be abused by an attacker for different purposes such as execution and evasion, to name two. Using Open Hardware Monitor’s driver, which has the highest level of privileges in the operating system, an attacker can exploit this vulnerability and will be able to read and write to hardware memory.

This is only the latest instance of supply-chain attack vectors, which are among the most dangerous because they compromise trusted components and allow for attackers to go months or years unnoticed enjoying privileged access to devices and systems without being discovered. SafeBreach Labs filed a vulnerability report and has added this instance to its industry-leading Hacker’s Playbook, the largest compendium of attack types. The Hacker’s Playbook contains over 7,000 breach methods, all generated in programmatically addressable formats that are accessible via API. This research is part of SafeBreach’s ongoing efforts to continuously test the most critical assets in the software supply chain for vulnerabilities and weaknesses to further the broader goal of enhanced cybersecurity for all.

Tags: Data AnalyticsHP
Share4Tweet2Share1Pin1
Srikanth

Srikanth

Passionate Tech Blogger on Emerging Technologies, which brings revolutionary changes to the People life.., Interested to explore latest Gadgets, Saas Programs

Related Posts

India’s Top Emerging Technology: report by cxovoice
Tech news

INDIA to focus on the Emerging Technologies in 2021

January 27, 2021
How Crypto is changing how people invest
Tech news

Can Crypto Markets Regulate Themselves Without Decentralization?

January 27, 2021
How AI is Driving Recruitment Lifecycle – Vasitum
Tech news

How AI is Driving Recruitment Lifecycle – Vasitum

January 27, 2021
Techniques to generate business opportunities and branding
Tech news

How Digital Marketing Has Impacted Businesses

January 27, 2021
Why Charter Networks Are Investing Heavily in Big Data
Tech news

Best Practices Of Financial Investing: Here Is What Experts Are Saying

January 26, 2021
Increasing Adoption of Informatics will Promote Growth of Data Analytics.
Tech news

Increasing Adoption of Informatics will Promote Growth of Data Analytics.

January 22, 2021

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Latest Stories

India’s Top Emerging Technology: report by cxovoice
Tech news

INDIA to focus on the Emerging Technologies in 2021

by Sony T
January 27, 2021
How Crypto is changing how people invest
Tech news

Can Crypto Markets Regulate Themselves Without Decentralization?

by Sony T
January 27, 2021
Effective Lifecycle Email Marketing in 2019 (Strategies + Examples)
Marketing Trends

Warming Up Your IP Address: Why Do It Before Sending Emails?

by Srikanth
January 27, 2021
How AI is Driving Recruitment Lifecycle – Vasitum
Tech news

How AI is Driving Recruitment Lifecycle – Vasitum

by Srikanth
January 27, 2021
Techniques to generate business opportunities and branding
Tech news

How Digital Marketing Has Impacted Businesses

by Sony T
January 27, 2021
Load More
Techiexpert.com

© 2020 All Rights Reserved

  • Terms of use
  • Privacy Policy
  • About Us
  • Contact us
  • Write For Us
  • Cookie Policy

  • Login
  • Sign Up
No Result
View All Result
  • Home
  • Tech news
  • Startups
  • AI
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • ML
  • Blogging

© 2020 All Rights Reserved

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.