Security News
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. This can have significant security implications on cryptographic libraries even when implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.
AMD is investigating an issue in its GPU software suite that causes an auto-adjustment of AMD Ryzen CPU performance settings for users without permission. The chipmaker confirmed the GPU driver bug to Tom's Hardware via a generic statement that didn't give many details, mitigation advice, or estimated fix dates.
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.
Security researchers have found new a new way to bypass existing hardware-based defenses for speculative execution in modern computer processors from Intel, AMD, and Arm. Today, the three CPU manufacturers have published advisories accompanied by mitigation updates and security recommendations to tackle recently discovered issues that allow leaking of sensitive information despite isolation-based protections.
The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. In terms of quality at the point of release, Halo Infinite has stepped out as the clear winner.
AMD alone dropped 50 new CVEs on Thursday, 23 of them rated of "High" concern, meaning they're rated at between 7.0 and 8.9 on the the-point Common Vulnerability Scoring System. Let's start with the 27 flaws in the AMD Graphics Driver for Windows 10 - 18 of them rated High - because at least they're in software and Microsoft and Adobe's patch issuance cadence means readers could be in the mood to fix code.
AMD has fixed a long list of security vulnerabilities found in its graphics driver for Windows 10 devices, allowing attackers to execute arbitrary code and elevate privileges on vulnerable systems. "In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory," AMD explained.
AMD says it observed performance hits of up to 15% on Windows 11-compatible AMD processors when using some applications. Microsoft and AMD are investigating two separate issues affecting AMD CPUs' performance on Windows 11.