Friday, July 1, 2022
Techiexpert.com
No Result
View All Result
  • Login
  • Register
Exclusive Videos
  • Tech news
  • Startup news
  • Artificial Intelligence
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • Machine Learning
  • Blockchain
  • Social Media
  • Tech news
  • Startup news
  • Artificial Intelligence
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • Machine Learning
  • Blockchain
  • Social Media
No Result
View All Result
TechiExpert
No Result
View All Result

SafeBreach Discovers Critical Vulnerability In HP Touchpoint Analytics

Srikanth by Srikanth
October 10, 2019
in Tech news
Reading Time: 2 mins read
SafeBreach Discovers Critical Vulnerability In HP Touchpoint Analytics
9
SHARES
125
VIEWS
Share on FacebookShare on Twitter

Newly discovered supply chain attack vector on commonly-used open-source hardware diagnostics systems could expose users to a major security risk.

SafeBreach, the leader in Breach and Attack Simulation (BAS), today announced that its SafeBreach Labs research team had discovered a critical security vulnerability in Open Hardware Monitor, a free open source software program that monitors temperature sensors, fan speeds, voltages, load and clock speeds of a computer. Tens of millions of computers use Open Hardware Monitor as part of monitoring systems, including HP Touchpoint Analytics. The critical vulnerability was the second of its type found by SafeBreach Labs during the past four months. Previously, SafeBreach Labs discovered a vulnerability in PC-Doctor, a monitoring and diagnostics packaged licensed to Dell and other major OEMs, that is run on hundreds of millions of systems. Both offer attackers the capability to take over machines and read and write to device memory, among the most serious types of security risks.

“These types of vulnerabilities are alarming because they indicate the ease with which malicious hackers could mount supply-chain attacks targeting and breaching highly trusted elements of our software ecosystem,” says Itzik Kotler, CTO and Co-Founder at SafeBreach. “And this should be a clear signal to security teams that they need to increase their frequency of testing and analysis of their security envelope in order to match the pace of criminals who are constantly innovating ways to hack into the most vulnerable parts of IT systems.”

HP TouchPoint Analytics ships as a default monitoring component of most HP Windows laptops and desktops. HP patched the vulnerability but  SafeBreach researchers believe that any machine using the Open Hardware Library was at risk.

A number of potential attacks could result from exploiting this vulnerability giving attackers the ability to load and execute malicious payloads using a signed service, effectively whitelisting those applications. This capability for “Application Whitelisting Bypass” and “Signature Validation Bypassing” might be abused by an attacker for different purposes such as execution and evasion, to name two. Using Open Hardware Monitor’s driver, which has the highest level of privileges in the operating system, an attacker can exploit this vulnerability and will be able to read and write to hardware memory.

This is only the latest instance of supply-chain attack vectors, which are among the most dangerous because they compromise trusted components and allow for attackers to go months or years unnoticed enjoying privileged access to devices and systems without being discovered. SafeBreach Labs filed a vulnerability report and has added this instance to its industry-leading Hacker’s Playbook, the largest compendium of attack types. The Hacker’s Playbook contains over 7,000 breach methods, all generated in programmatically addressable formats that are accessible via API. This research is part of SafeBreach’s ongoing efforts to continuously test the most critical assets in the software supply chain for vulnerabilities and weaknesses to further the broader goal of enhanced cybersecurity for all.

Tags: Data AnalyticsHP
Share4Tweet2Share1Pin1

Related Posts

Telemedicine Business
Tech news

Telemedicine or e-medicine: What is it?

Ways Data Analysis has changed customer reward programs
Tech news

Ways Data Analysis has changed customer reward programs

Digital Learning face recognition
Tech news

Here’s why Deep Learning might not be enough for celebrity face recognition

VPS Helps Forex Trading
Tech news

Staying Safe When Trading on a Trading App

Mozilla launches Thinderbird for android
Tech news

Mozilla launches Thinderbird for android

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Most Read

  • How to Track Someone’s iPhone by Phone Number?

    How to Track Someone’s iPhone by Phone Number?

    342 shares
    Share 137 Tweet 86
  • Top 5 car automation trends to know

    162 shares
    Share 65 Tweet 41
  • Is Parody Coin investment a Good Investment?

    67 shares
    Share 27 Tweet 17
  • What is windows modules installer ? How to Enable/Disable

    1236 shares
    Share 494 Tweet 309
  • Tips to Reduce Your Website Hosting Costs

    871 shares
    Share 348 Tweet 218
  • How to Track Activities an Instagram account?

    83 shares
    Share 33 Tweet 21

Recent Stories

Hyperlocal marketplace Urvann raises Rs. 3 Cr in Seed Round led by IPV

Hyperlocal marketplace Urvann raises Rs. 3 Cr in Seed Round led by IPV
Share4Tweet3Share1Pin1

Does domain extensions impact SEO standards

Does domain extension impact SEO standards
Share4Tweet3Share1Pin2

How Enterprise Blockchain can enable Privacy Preservation

How Enterprise Blockchain can enable Privacy Preservation
Share5Tweet3Share1Pin1

How to flip NFT’s

How to flip NFTs
Share4Tweet3Share1Pin1
  • Terms of use
  • Privacy Policy
  • About Us
  • Contact us
  • Write For Us
  • Cookie Policy

© 2022 All Rights Reserved

No Result
View All Result
  • Tech news
  • Startup news
  • Artificial Intelligence
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • Machine Learning
  • Blockchain
  • Social Media

© 2022 All Rights Reserved

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Cookie Law Notice
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT