Security News

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. Instead of relying on the cache system like many other side-channel attacks, this new attack leverages a flaw in transient execution that makes it possible to extract secret data from user memory space through timing analysis.

Nvidia confirmed today that it's working to fix a driver issue causing high CPU usage and blue screens of death on Windows systems. The buggy driver is the GeForce Game Ready 531.18 WHQL driver released on February 28th that introduced support for RTX Video Super Resolution.

Microsoft has released out-of-band security updates for 'Memory Mapped I/O Stale Data' information disclosure vulnerabilities in Intel CPUs.The Mapped I/O side-channel vulnerabilities were initially disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.

Microsoft has warned today that Windows devices with the newest supported processors are susceptible to data damage on Windows 11 and Windows Server 2022. "Windows devices that support the newest Vector Advanced Encryption Standard instruction set might be susceptible to data damage," the company revealed today.

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE - short for Supersingular Isogeny Key Encapsulation - which made it to the fourth round of the Post-Quantum Cryptography standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology.

Retbleed is also the latest addition to a class of Spectre attacks known as Spectre-BTI, which exploit the side effects of an optimization technique called speculative execution by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information. Speculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also undoing the results of the execution should the guess turn out to be wrong.

Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information. Retpoline was released a software-based solution to mitigate speculative execution attacks by using return operations to isolate indirect branches.

Google is testing a new 'Quick Intensive Throttling' feature that reduces CPU time by 10%, extending the battery life for laptops and mobile devices. In Chrome 87, Google introduced a new feature called 'Intensive Wake Up Throttling' that prevents JavaScript from waking up a tab more than once a minute after it has been suspended and hidden from view for more than 5 minutes.

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. This can have significant security implications on cryptographic libraries even when implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.