Tag: side-channel
-
New Whisper-Based Attack Reveals User Prompts Hidden Inside Encrypted AI Traffic
Microsoft researchers have unveiled a sophisticated side-channel attack targeting remote language models that could allow adversaries to infer conversation topics from encrypted network traffic. Despite end-to-end encryption via Transport Layer Security (TLS), the attack exploits patterns in packet sizes and timing to classify the subject matter of user prompts sent to AI chatbots. The research…
-
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak, which lets attackers who can monitor network traffic infer what users discuss with remote language models, even when the data is encrypted. The company warned that…
-
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model”¯conversation”¯topics despite encryption protections under certain circumstances.This leakage of data exchanged between humans and”¯streaming-mode language models could pose serious risks to First seen on thehackernews.com Jump…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
Notable post-quantum cryptography initiatives paving the way toward Q-Day
Tags: attack, awareness, cisa, cisco, communications, computer, computing, crypto, cryptography, cyber, cybersecurity, data, encryption, finance, framework, google, government, group, guide, ibm, infrastructure, intelligence, Internet, iot, linux, microsoft, mitre, ml, nist, nvidia, open-source, service, side-channel, software, supply-chain, technology, theft, threat, tool, vulnerabilityIndustry heavyweights line up behind PQC: Google”¯Chrome became the first mainstream browser to support hybrid post”‘quantum key exchanges by default late last year.The approach combines classical elliptic-curve encryption, for backwards compatibility, with lattice-based PQC derived from ML-KEM.Other industry giants, including Amazon and IBM, have also begun laying foundations for quantum-safe cryptography. For example, IBM has…
-
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves
A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer’s main processor, including Intel’s Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD’s Secure Encrypted Virtualization with Secure…
-
TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs
Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel’s SGX and TDX, and AMD’s SEV-SNP. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/teefail-attack-breaks-confidential-computing-on-intel-amd-nvidia-cpus/
-
NDSS 2025 Oreo: Protecting ASLR Against Micro-Architectural Attacks
Authors, Creators & Presenters: Shixin Song (Massachusetts Institute of Technology), Joseph Zhang (Massachusetts Institute of Technology), Mengjia Yan (Massachusetts Institute of Technology) PAPER Oreo: Protecting ASLR Against Microarchitectural Attacks Address Space Layout Randomization (ASLR) is one of the most prominently deployed mitigations against memory corruption attacks. ASLR randomly shuffles program virtual addresses to prevent attackers…
-
NDSS 2025 Off-Path TCP Hijacking In Wi-Fi Networks: A Packet-Size Side Channel Attack
SESSION Session 1A: WiFi and Bluetooth Security PAPER Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack In this paper, we unveil a fundamental side channel in Wi-Fi networks, specifically the observable frame size, which can be exploited by attackers to conduct TCP hijacking attacks. Authors, Creators & Presenters: Ziqiang Wang (Southeast University),…
-
Pixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 Seconds
Security researchers have unveiled a sophisticated new attack technique dubbed >>Pixnapping
-
New Android Pixnapping attack steals MFA codes pixel-by-pixel
A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-pixnapping-attack-steals-mfa-codes-pixel-by-pixel/
-
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Tags: 2fa, android, attack, authentication, data, exploit, flaw, google, group, mfa, side-channel, vulnerabilityAndroid devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users’ knowledge pixel-by-pixel.The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of…
-
Computer mice can eavesdrop on private conversations, researchers discover
Tags: attack, computer, data, government, leak, linux, network, side-channel, software, vulnerabilityInvisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors is based on the discovery that some optical mice pick up incredibly small sound vibrations reaching them through the desk surfaces on which they are being used.These vibrations could then be captured by different types of software on PC, Mac or Linux computers, including non-privileged…
-
Computer mice can eavesdrop on private conversations, researchers discover
Tags: attack, computer, data, government, leak, linux, network, side-channel, software, vulnerabilityInvisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors is based on the discovery that some optical mice pick up incredibly small sound vibrations reaching them through the desk surfaces on which they are being used.These vibrations could then be captured by different types of software on PC, Mac or Linux computers, including non-privileged…
-
Computer mice can eavesdrop on private conversations, researchers discover
Tags: attack, computer, data, government, leak, linux, network, side-channel, software, vulnerabilityInvisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors is based on the discovery that some optical mice pick up incredibly small sound vibrations reaching them through the desk surfaces on which they are being used.These vibrations could then be captured by different types of software on PC, Mac or Linux computers, including non-privileged…
-
New MicMouse Attack Shows Computer Mice Can Capture Conversations
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. First seen on hackread.com Jump to article: hackread.com/mic-e-mouse-attack-computer-mice-conversations/
-
New MicMouse Attack Shows Computer Mice Can Capture Conversations
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. First seen on hackread.com Jump to article: hackread.com/mic-e-mouse-attack-computer-mice-conversations/
-
New MicMouse Attack Shows Computer Mice Can Capture Conversations
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. First seen on hackread.com Jump to article: hackread.com/mic-e-mouse-attack-computer-mice-conversations/
-
The importance of reviewing AI data centers’ policies
Tags: ai, attack, backdoor, corporate, cybersecurity, data, government, Hardware, jobs, monitoring, risk, side-channel, supply-chain, threat, tool, vulnerabilityWhat cybersecurity leaders need to consider: Given these expanded threats, cybersecurity leaders and decision makers must closely scrutinize whether their AI data center operators are implementing corporate policies that require technical measures to secure AI data centers across all layers of security, including hardware, data, and geopolitical. Examples of such policies include: closely inspecting hardware…
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
AMD Warns of Transient Scheduler Attacks Impacting Broad Range of Chipsets
AMD has issued a security bulletin, AMD-SB-7029, highlighting several transient scheduler attacks that exploit speculative execution timing in its processors, potentially leading to loss of confidentiality. These vulnerabilities stem from investigations into a Microsoft report on microarchitectural leaks, revealing side-channel attacks where attackers could infer sensitive data through execution timing under specific conditions. Rated at…
-
AMD discloses new CPU flaws that can enable data leaks via timing attacks
Tags: access, attack, crowdstrike, cve, cvss, data, exploit, firmware, flaw, guide, leak, malware, microsoft, mitigation, risk, side-channel, strategy, supply-chain, threat, update, vulnerability, windowsCrowdStrike elevates threat classification despite CVSS scores: While AMD rates the vulnerabilities as medium and low severity based on attack complexity requirements, CrowdStrike has independently classified them as critical enterprise threats. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as “Critical information disclosure vulnerabilities in AMD processors,” despite both carrying CVSS scores of just 5.6.According…
-
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure.The attacks, called Transient Scheduler Attacks (TSA), manifests in the form of a speculative side channel in its CPUs that leverages execution timing of instructions under specific microarchitectural conditions.”In some cases, an attacker…
-
FIPS 140-3 and You, Part Three
Tags: attack, authentication, ccc, compliance, conference, crypto, cryptography, cybersecurity, data, encryption, firmware, Hardware, international, network, nist, side-channel, software, technology, updateFIPS 140-3 and You, Part Three divya Thu, 06/05/2025 – 07:00 Last spring, in the second installment of this blog series, we were excited to announce that our Luna HSM product line was the first HSM in the industry to achieve FIPS 140-3 level 3 validation certificate. This spring, in this third installment, we happily…
-
Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base
Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR) on fully updated Windows 11 PCs, which is a startling discovery for cybersecurity aficionados and Windows kernel developers. KASLR, a critical security mechanism, randomizes the memory location of the kernel base to thwart exploitation attempts. However, as detailed in a…
-
Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices
Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices, particularly in the era of the Internet of Things (IoT). These attacks exploit information leakages through physical parameters such as EM radiation, which is emitted by all powered electronic devices due to internal current flows. Unlike traditional power analysis attacks, EM…
-
KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures
Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack,KernelSnitch, which exploits timing variances in Linux kernel data structures. Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive data across isolated processes, as per a report by a Researcher Published on Github. The…
-
Researchers Find New Side-Channel Attack Methods On Apple Chips
First seen on scworld.com Jump to article: www.scworld.com/brief/researchers-find-new-side-channel-attack-methods-on-apple-chips
-
Researchers uncover new side-channel attack methods on Apple chips
First seen on scworld.com Jump to article: www.scworld.com/brief/researchers-uncover-new-side-channel-attack-methods-on-apple-chips
-
New Apple SLAP FLOP Side-Channel Attacks Let Attackers Steal Login Details From Browser
Researchers from the Georgia Institute of Technology and Ruhr University Bochum have uncovered two novel speculative execution attacks, named SLAP (Speculative Data Attacks via Load Address Prediction) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions). These vulnerabilities impact Apple Silicon chips, exposing critical security risks in devices built on the M2/A15…