Security News

Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant.

Intel has disclosed how it may be able to protect systems against some physical threats by repurposing circuitry originally designed to counter variations in voltage and timing that may occur as silicon circuits age. According to Intel, adding the TRC brings fault injection detection technology to the Converged Security and Management Engine, a part of the Platform Controller Hub chipset in Alder Lake.

Security analysts have found security issues in the payment system present on Xiaomi smartphones that rely on MediaTek chips providing the trusted execution environment that is responsible for signing transactions. Considering how common mobile payments and Xiaomi phones are, especially in Asian markets, the money pool hackers could tap into is estimated to be in the billions of U.S. dollars.

What is an APIC, and why do I need it? How can you have data that even the kernel can't peek at? What causes this epic failure in APIC? Does the ÆPIC Leak affect me? What to do about it? What's an APIC? How can you have data that even the kernel can't peek at?

A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys. The bug affects recent Intel CPUs based on the company's Sunny Cove microarchitecture, the authors say.

The enterprise-grade Titan M security chip was custom built to help protect data. Derived from the same chip Google uses to protect its cloud data centers, it handles processes and information, such as passcode protection, encryption, and secure transactions in apps.

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. "Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions," explained Wikner and Razavi in a draft blog post about the design bug provided to The Register.

This is a new vulnerability against Apple's M1 chip. Researchers from MIT's Computer Science and Artificial Intelligence Laboratory have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature.

Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success. MIT CSAIL computer scientists on Friday said they have identified a way to bypass the M1 chip's pointer authentication, a security mechanism that tries to prevent an attacker from modifying memory references without being detected.

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Hacker News.