Security News

Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical
2023-08-01 17:00

Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret Boffins in Austria and Germany have devised a power-monitoring side-channel attack on...

Zenbleed: How the quest for CPU performance could put your passwords at risk
2023-07-26 19:01

In Ormandy's Zenbleed bug, now officially known as CVE-2023-20593, the problem arises when an AMD Zen 2 processor performs a special instruction that exists to set multiple so-called vector registers to zero at the same time. Vector registers are used to store data used by special high-performance numeric and data processing instructions, and in most modern Intel and AMD processors they are a chunky 256 bits wide, unlike the 64 bits of the CPU's general purpose registers used for traditional programming purposes.

Hot Pixels attack checks CPU temp, power changes to steal data
2023-05-27 14:08

A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called "Hot Pixels," which can retrieve pixels from the content displayed in the target's browser and infer the navigation history. Next, the team experimented with data-dependent leakage channels on discreet and integrated GPUs, including Apple's M1 and M2, AMD Radeon RX 6600, Nvidia GeForce RTX 3060, and Intel Iris Xe. The researchers performed a detailed investigation and characterization of how different processing behaviors could impact observable factors like power consumption, temperature, and frequency and used this data as a foundation to evaluate the "Hot Pixels" attack.

Intel CPUs vulnerable to new transient execution side-channel attack
2023-04-24 19:38

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. Instead of relying on the cache system like many other side-channel attacks, this new attack leverages a flaw in transient execution that makes it possible to extract secret data from user memory space through timing analysis.

Nvidia working on driver fix for Windows BSOD, high CPU usage
2023-03-06 22:53

Nvidia confirmed today that it's working to fix a driver issue causing high CPU usage and blue screens of death on Windows systems. The buggy driver is the GeForce Game Ready 531.18 WHQL driver released on February 28th that introduced support for RTX Video Super Resolution.

Microsoft releases Windows security updates for Intel CPU flaws
2023-03-03 01:02

Microsoft has released out-of-band security updates for 'Memory Mapped I/O Stale Data' information disclosure vulnerabilities in Intel CPUs.The Mapped I/O side-channel vulnerabilities were initially disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.

Windows devices with newest CPUs are susceptible to data damage
2022-08-08 20:42

Microsoft has warned today that Windows devices with the newest supported processors are susceptible to data damage on Windows 11 and Windows Server 2022. "Windows devices that support the newest Vector Advanced Encryption Standard instruction set might be susceptible to data damage," the company revealed today.

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour
2022-08-07 04:15

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE - short for Supersingular Isogeny Key Encapsulation - which made it to the fourth round of the Post-Quantum Cryptography standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology.

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
2022-07-14 08:42

Retbleed is also the latest addition to a class of Spectre attacks known as Spectre-BTI, which exploit the side effects of an optimization technique called speculative execution by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also undoing the results of the execution should the guess turn out to be wrong.

New Retbleed speculative execution CPU attack bypasses Retpoline fixes
2022-07-14 07:13

Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information. Retpoline was released a software-based solution to mitigate speculative execution attacks by using return operations to isolate indirect branches.