Security News
Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory. The paper describes a way to extract confidential data from devices by measuring power consumption fluctuations in Intel chips from Sandy Bridge onward using just software and without the need to physically wire instruments to machines.
Intel's Software Guard Extensions, known as SGX among friends, consist of a set of instructions for running a secure enclave inside an encrypted memory partition using certain Intel microprocessors. Sadly for Intel and those who depend on its technology, security researchers keep finding flaws in SGX. On Tuesday, two separate sets of boffins published papers describing SGX vulnerabilities, but they're not really quite as bad as is claimed.
If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave. Dubbed CacheOut a.k.a. L1 Data Eviction Sampling and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.
A gentle guide to enclaves and trusted execution environments (Sponsored): Data and code are the lifeblood of digital organisations, and increasingly these are shared with others in order to achieve...
A team of cybersecurity researchers demonstrated yet another novel technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to...
I was caught in the middle of a memory attack, and I knew there was no turning back. Intel on Tuesday plans to release 11 security advisories, including a microcode firmware update to patch a...
Runtime encryption company Fortanix has launched a free and open source software development kit (SDK) for building Intel Software Guard Extensions (SGX) applications.
Fortanix launched its Enclave Development Platform (EDP) at RSA Conference. The Fortanix EDP provides a native Rust-based SDK to write Intel Software Guard Extensions (Intel SGX) enclaves. The...
Intel and its partners this week made several cybersecurity-related announcements, including the launch of new silicon-enabled products and tools.
Chipzilla rips sticker off his graphics accelerator, switches off GPU, now you're a security wizard, Harry! RSA: Intel is touting a PCIe card packed with SGX tech to plug into servers, plus some...