Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.
F-Secure researchers found that modifying the hardware on modern computers make them susceptible to “cold boot” attacks where passwords and encryption keys can be harvested from memory. Hibernate or power off. Don't put the computer in sleep mode.
With all the reports about criminals lifting information off credit cards, access cards, and even passports, does it make sense to buy one of those RFID-blocking sleeves and wallets? Duo Labs finds out in this Decipher report.
Foreshadow/L1TF refer to a group of vulnerabilities that can be exploited in modern Intel chips using speculative execution attacks to bypass security protections and harvest sensitive information.
NetSpectre is not an immediate threat: no known malware exists in the wild. The research is important because it deepens our understanding of microprocessor architecture and ways speculative execution can be abused.