Search results for: side-channel attacks

Intel processor

Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks

Intel’s Patch Tuesday releases are rarely so salient as those pushed out this month: the semiconductor chip manufacturer has patched a slew of high-profile vulnerabilities in their chips and drivers. TPM-FAIL TPM-FAIL is a name given to vulnerabilities found in some Intel’s firmware-based TPM (fTPM) and STMicroelectronics’ TPM chipsets, discovered by Ahmad “Daniel” Moghimi and Berk Sunar from Worcester Polytechnic Institute, Thomas Eisenbarth from University of Lübeck and Nadia Heninger from University of California at … More

Crypto Quantique raises $8M to address the growing challenges of end-to-end IoT security

Crypto Quantique, a privately held company with a mission to revolutionize the IoT with quantum driven cybersecurity, announced that it has raised an $8 million seed round led by ADV along with participation from Entrepreneur First, amongst others. Crypto Quantique’s disruptive cybersecurity technology, uses the most advanced techniques in cryptography and quantum physics to address the growing challenges of end-to-end IoT security. Its unique feature is that a single chip can generate multiple, unique, unforgeable … More

patch

September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days

For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash Player and Application Manager, and Intel offered solutions and mitigations for two security holes, one of which could allow a side-channel attack aimed at acquiring sensitive data (e.g., keystrokes in a SSH session). Microsoft’s patches Let’s start with the zero-days exploited in the wild. CVE-2019-1214 is an elevation of privilege vulnerability … More

Intel CPU

SWAPGS Attack: A new Spectre haunts machines with Intel CPUs

Bitdefender researchers have uncovered yet another viable speculative execution side-channel attack that can be leveraged against Intel CPUs and the computers running on them. The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, … More

OpenSSH

OpenSSH adds protection against Spectre, Meltdown, RAMBleed

OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory. About OpenSSH OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol. It encrypts all traffic to stymie eavesdropping, connection hijacking, and similar attacks, and provides several authentication methods, a variety of configuration options and various tunneling capabilities. The suite is incorporated … More

keyboard

New user keystroke impersonation attack uses AI to evade detection

A sophisticated attack, called Malboard, in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics, was developed by Ben-Gurion University of the Negev (BGU) cybersecurity researchers. Using artificial intelligence Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard … More

Field-programmable gate arrays

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT

Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential … More

Wi-Fi

WPA3 design flaws affect security of new Wi-Fi standard

Researchers have discovered a number of design flaws affecting the security of the recently introduced WPA3 data transmission protocol. Collectively dubbed Dragonblood (because they affect WPA3’s Dragonfly handshake), they can be exploited to mount a DoS attack against a vulnerable access point or, more worryingly, to recover the password of a Wi-Fi network. “Attackers can then read information that WPA3 was assumed to safely encrypt. This can for example be abused to steal sensitive information … More

Intel SGX card

Intel and partner ecosystem plan to accelerate the adoption of hardware-enabled security

Intel along with customers and industry partners announced several solutions designed to scale and accelerate the adoption of hardware-enabled security across data center, cloud, network and edge. From OEMs to cloud service providers (CSPs) and independent software vendors (ISVs), Intel continues to help lead the industry and advance security tools and resources that help improve the security and privacy of application processing in the cloud, provide platform-level threat detection and shrink the attack surface. “Hardware-based … More

DNA

Researchers eavesdrop on DNA synthesizer to steal genetic blueprint

Researchers from the University of California, Irvine (UCI) and the University of California, Riverside (UCR) have uncovered the possibility of an acoustic side-channel attack on the DNA synthesis process, a vulnerability that could present a serious risk to biotechnology and pharmaceutical companies and academic research institutions. During the DNA synthesis process in a laboratory, recordings can be made of the subtle, telltale noises made by synthesis machines. And those captured sounds can be used to … More

roads

Venafi and nCipher Security collaborate to protect machine identity

Venafi, the leading provider of machine identity protection, and nCipher Security, the provider of trust, integrity and control for critical business information and applications, announced a new technology partnership and integration. The integrated solution combines Venafi Advanced Key Protect with nCipher nShield hardware security modules (HSMs) and can be used to scale the generation and protection of machine identities – even in complex, high‐security environments. Cryptographic keys serve as machine identities and are the foundation … More

complex

Week in review: VirtualBox 0day, GPU side channel attacks, vulnerable self-encrypting SSDs

Here’s an overview of some of last week’s most interesting news and articles: Five key considerations when developing a Security Operations Center Organizations should start with the following five key considerations if they are to get the most out of their SOC. How financial institutions can change the economics of fraud The volume of data breaches has bolstered fraudster’s ability to waltz through the front doors of businesses using synthetic identities. VirtualBox Guest-to-Host escape 0day … More