Tag: side-channel
-
New MicMouse Attack Shows Computer Mice Can Capture Conversations
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. First seen on hackread.com Jump to article: hackread.com/mic-e-mouse-attack-computer-mice-conversations/
-
The importance of reviewing AI data centers’ policies
Tags: ai, attack, backdoor, corporate, cybersecurity, data, government, Hardware, jobs, monitoring, risk, side-channel, supply-chain, threat, tool, vulnerabilityWhat cybersecurity leaders need to consider: Given these expanded threats, cybersecurity leaders and decision makers must closely scrutinize whether their AI data center operators are implementing corporate policies that require technical measures to secure AI data centers across all layers of security, including hardware, data, and geopolitical. Examples of such policies include: closely inspecting hardware…
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
AMD Warns of Transient Scheduler Attacks Impacting Broad Range of Chipsets
AMD has issued a security bulletin, AMD-SB-7029, highlighting several transient scheduler attacks that exploit speculative execution timing in its processors, potentially leading to loss of confidentiality. These vulnerabilities stem from investigations into a Microsoft report on microarchitectural leaks, revealing side-channel attacks where attackers could infer sensitive data through execution timing under specific conditions. Rated at…
-
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure.The attacks, called Transient Scheduler Attacks (TSA), manifests in the form of a speculative side channel in its CPUs that leverages execution timing of instructions under specific microarchitectural conditions.”In some cases, an attacker…
-
AMD discloses new CPU flaws that can enable data leaks via timing attacks
Tags: access, attack, crowdstrike, cve, cvss, data, exploit, firmware, flaw, guide, leak, malware, microsoft, mitigation, risk, side-channel, strategy, supply-chain, threat, update, vulnerability, windowsCrowdStrike elevates threat classification despite CVSS scores: While AMD rates the vulnerabilities as medium and low severity based on attack complexity requirements, CrowdStrike has independently classified them as critical enterprise threats. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as “Critical information disclosure vulnerabilities in AMD processors,” despite both carrying CVSS scores of just 5.6.According…
-
FIPS 140-3 and You, Part Three
Tags: attack, authentication, ccc, compliance, conference, crypto, cryptography, cybersecurity, data, encryption, firmware, Hardware, international, network, nist, side-channel, software, technology, updateFIPS 140-3 and You, Part Three divya Thu, 06/05/2025 – 07:00 Last spring, in the second installment of this blog series, we were excited to announce that our Luna HSM product line was the first HSM in the industry to achieve FIPS 140-3 level 3 validation certificate. This spring, in this third installment, we happily…
-
Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base
Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR) on fully updated Windows 11 PCs, which is a startling discovery for cybersecurity aficionados and Windows kernel developers. KASLR, a critical security mechanism, randomizes the memory location of the kernel base to thwart exploitation attempts. However, as detailed in a…
-
Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices
Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices, particularly in the era of the Internet of Things (IoT). These attacks exploit information leakages through physical parameters such as EM radiation, which is emitted by all powered electronic devices due to internal current flows. Unlike traditional power analysis attacks, EM…
-
KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures
Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack,KernelSnitch, which exploits timing variances in Linux kernel data structures. Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive data across isolated processes, as per a report by a Researcher Published on Github. The…
-
Researchers Find New Side-Channel Attack Methods On Apple Chips
First seen on scworld.com Jump to article: www.scworld.com/brief/researchers-find-new-side-channel-attack-methods-on-apple-chips
-
Researchers uncover new side-channel attack methods on Apple chips
First seen on scworld.com Jump to article: www.scworld.com/brief/researchers-uncover-new-side-channel-attack-methods-on-apple-chips
-
New Apple SLAP FLOP Side-Channel Attacks Let Attackers Steal Login Details From Browser
Researchers from the Georgia Institute of Technology and Ruhr University Bochum have uncovered two novel speculative execution attacks, named SLAP (Speculative Data Attacks via Load Address Prediction) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions). These vulnerabilities impact Apple Silicon chips, exposing critical security risks in devices built on the M2/A15…
-
New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices. The post New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-slap-and-flop-cpu-attacks-expose-data-from-apple-computers-phones/
-
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and…
-
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
Side channel gives unauthenticated remote attackers access they should never have. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/
-
New Apple CPU side-channel attacks steal data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/
-
New Apple CPU side-channel attacks steals data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/
-
DNA sequencer vulnerabilities signal firmware issues across medical device industry
Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windowsIn highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
-
With ‘TPUXtract,’ Attackers Can Steal Orgs’ AI Models
A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network, meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/tpuxtract-attackers-steal-ai-models
-
BadRAM: Historischer Seitenkanal hebelt RAM-Verschlüsselung aus
Server schützen Daten mit komplexen Funktionen für Confidential Computing, die sich durch Speicherriegel mit gefälschter Konfiguration austricksen lassen. First seen on heise.de Jump to article: www.heise.de/news/BadRAM-Historischer-Seitenkanal-hebelt-Confidential-Computing-in-der-Cloud-aus-10193941.html
-
Sicherheitslücke WebGPU: Rechnerzugriff über Seitenkanal-Angriffe auf Grafikkarte
Dieses Forschungsprojekt ist im Field of Expertise ‘Information, Communication & Computing verankert, einem von fünf strategischen Schwerpunktfeldern … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sicherheitsluecke-webgpu-rechnerzugriff-ueber-seitenkanal-angriffe-auf-grafikkarte/a37063/
-
Yubikey-Seitenkanal: Weitere Produkte für Cloning-Attacke anfällig
Die Seitenkanal-Lücke EUCLEAK wurde auch als “Yubikey-Cloning-Attacke” bekannt. Das BSI re-zertifiziert aktualisierte Produkte, die betroffen waren. First seen on heise.de Jump to article: www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anfaellig-10078520.html
-
EUCLEAK: Weitere Produkte für Cloning-Attacke anfällig
Die Seitenkanal-Lücke EUCLEAK wurde auch als “Yubikey-Cloning-Attacke” bekannt. Das BSI re-zertifiziert aktualisierte Produkte, die betroffen waren. First seen on heise.de Jump to article: www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anfaellig-10078520.html
-
DEF CON 32 Your AI Assistant Has A Big Mouth: A New Side Channel Attack
Authors/Presenters: Yisroel Mirsky Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-your-ai-assistant-has-a-big-mouth-a-new-side-channel-attack/
-
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
First seen on arstechnica.com Jump to article: arstechnica.com/
-
New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the audio gap and exfiltrating sensitive informat… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html
-
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanis… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html
-
Eucleak: YubiKey-Lücke ermöglicht Side-Channel-Attacken
Tags: side-channelFirst seen on csoonline.com Jump to article: www.csoonline.com/de/a/yubikey-luecke-ermoeglicht-side-channel-attacken
-
RAM Signals Expose Air-Gapped Networks to Attacks
RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data. A novel side-channel attack exploits radio signals emitted by random access memory … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ram-signals-expose-air-gapped-networks-to-attacks-a-26258