Tag: side-channel
-
New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices. The post New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-slap-and-flop-cpu-attacks-expose-data-from-apple-computers-phones/
-
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and…
-
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
Side channel gives unauthenticated remote attackers access they should never have. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/
-
New Apple CPU side-channel attacks steal data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/
-
New Apple CPU side-channel attacks steals data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/
-
DNA sequencer vulnerabilities signal firmware issues across medical device industry
Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windowsIn highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
-
With ‘TPUXtract,’ Attackers Can Steal Orgs’ AI Models
A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network, meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/tpuxtract-attackers-steal-ai-models
-
BadRAM: Historischer Seitenkanal hebelt RAM-Verschlüsselung aus
Server schützen Daten mit komplexen Funktionen für Confidential Computing, die sich durch Speicherriegel mit gefälschter Konfiguration austricksen lassen. First seen on heise.de Jump to article: www.heise.de/news/BadRAM-Historischer-Seitenkanal-hebelt-Confidential-Computing-in-der-Cloud-aus-10193941.html
-
Sicherheitslücke WebGPU: Rechnerzugriff über Seitenkanal-Angriffe auf Grafikkarte
Dieses Forschungsprojekt ist im Field of Expertise ‘Information, Communication & Computing verankert, einem von fünf strategischen Schwerpunktfeldern … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sicherheitsluecke-webgpu-rechnerzugriff-ueber-seitenkanal-angriffe-auf-grafikkarte/a37063/
-
Yubikey-Seitenkanal: Weitere Produkte für Cloning-Attacke anfällig
Die Seitenkanal-Lücke EUCLEAK wurde auch als “Yubikey-Cloning-Attacke” bekannt. Das BSI re-zertifiziert aktualisierte Produkte, die betroffen waren. First seen on heise.de Jump to article: www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anfaellig-10078520.html
-
EUCLEAK: Weitere Produkte für Cloning-Attacke anfällig
Die Seitenkanal-Lücke EUCLEAK wurde auch als “Yubikey-Cloning-Attacke” bekannt. Das BSI re-zertifiziert aktualisierte Produkte, die betroffen waren. First seen on heise.de Jump to article: www.heise.de/news/EUCLEAK-Weitere-Produkte-fuer-Cloning-Attacke-anfaellig-10078520.html
-
DEF CON 32 Your AI Assistant Has A Big Mouth: A New Side Channel Attack
Authors/Presenters: Yisroel Mirsky Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-your-ai-assistant-has-a-big-mouth-a-new-side-channel-attack/
-
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
First seen on arstechnica.com Jump to article: arstechnica.com/
-
New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the audio gap and exfiltrating sensitive informat… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html
-
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks
A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanis… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html
-
Eucleak: YubiKey-Lücke ermöglicht Side-Channel-Attacken
Tags: side-channelFirst seen on csoonline.com Jump to article: www.csoonline.com/de/a/yubikey-luecke-ermoeglicht-side-channel-attacken
-
RAM Signals Expose Air-Gapped Networks to Attacks
RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data. A novel side-channel attack exploits radio signals emitted by random access memory … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ram-signals-expose-air-gapped-networks-to-attacks-a-26258
-
New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the audio gap and exfiltrating sensitive informat… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/new-pixhell-attack-exploits-screen.html
-
New RAMBO attack steals data using RAM in air-gapped computers
A novel side-channel attack dubbed RAMBO (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device’s RAM to … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-rambo-attack-steals-data-using-ram-in-air-gapped-computers/
-
USENIX Security ’23 Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
Authors/Presenters:Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard Many th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/usenix-security-23-collidepower-leaking-inaccessible-data-with-software-based-power-side-channels/
-
USENIX Security ’23 (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels
Tags: side-channelAuthors/Presenters:Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz Many thanks to USENIX for publishing their outstanding USENIX Security ’23 … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/usenix-security-23-mwait-for-it-bridging-the-gap-between-microarchitectural-and-architectural-side-channels/
-
YubiKey 5 devices open to cloning via side-channel attacks
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/yubikey-5-devices-open-to-cloning-via-side-channel-attacks
-
Yubikey: Cloning-Angriff über Seitenkanal
First seen on heise.de Jump to article: www.heise.de/news/Yubikey-Cloning-Angriff-Offenbar-moeglich-aber-nicht-trivial-9856972.html
-
Crypto Vulnerability Allows Cloning of YubiKey Security Keys
YubiKey security keys can be cloned via a side-channel attack that leverages a vulnerability in a cryptographic library. The post Crypto Vulnerability… First seen on securityweek.com Jump to article: www.securityweek.com/crypto-vulnerability-allows-cloning-of-yubikey-security-keys/
-
USENIX Security ’23 Checking Passwords On Leaky Computers: A Side Channel Analysis Of Chrome’s Password Leak Detect Protocol
Authors/Presenters:Andrew Kwong, Walter Wang, Jason Kim, Jonathan Berger, Daniel Genkin, Eyal Ronen, Hovav Shacham, Riad Wahby, Yuval Yarom Many thank… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-checking-passwords-on-leaky-computers-a-side-channel-analysis-of-chromes-password-leak-detect-protocol/
-
USENIX Security ’23 CipherH: Automated Detection of Ciphertext Side-channel Vulnerabilities in Cryptographic Implementations
Authors/Presenters:Sen Deng, Mengyuan Li, Yining Tang, Shuai Wang, Shoumeng Yan, Yinqian Zhang Many thanks to USENIX for publishing their outstanding … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-cipherh-automated-detection-of-ciphertext-side-channel-vulnerabilities-in-cryptographic-implementations/
-
USENIX Security ’23 Pspray: Timing Side-Channel Based Linux Kernel Heap Exploitation Technique
Authors/Presenters:Yoochan Lee and Jinhan Kwak, Junesoo Kang, Yuseok Jeon, Byoungyoung Lee Many thanks to USENIX for publishing their outstanding USEN… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-pspray-timing-side-channel-based-linux-kernel-heap-exploitation-technique/
-
Researchers Found a New Technique to Defend Cache Side Channel Attacks
Researchers from the University of Rochester have unveiled a novel technique to defend against cache side-channel attacks, a prevalent threat in moder… First seen on gbhackers.com Jump to article: gbhackers.com/technique-channel-attacks/
-
USENIX Security ’23 Side-Channel Attacks on Optane Persistent Memory
Authors/Presenters:Sihang Liu, University of Virginia; Suraaj Kanniwadi, Martin Schwarzl, Andreas Kogler, Daniel Gruss, Samira Khan Many thanks to USE… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-side-channel-attacks-on-optane-persistent-memory/
-
USENIX Security ’23 Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software
Authors/Presenters:Jan Wichelmann, Anna Pätschke, Luca Wilke, Thomas Eisenbarth Many thanks to USENIX for publishing their outstanding USENIX Security… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-cipherfix-mitigating-ciphertext-side-channel-attacks-in-software/