Cloud Security Alliance News Clipping Site

Tag: side-channel attack

  • Hacker News: When machine learning tells the wrong story

    by

    system automation
    in

    Source URL: https://jackcook.com/2024/11/09/bigger-fish.html Source: Hacker News Title: When machine learning tells the wrong story Feedly Summary: Comments AI Summary and Description: Yes Summary: The text presents a comprehensive account of a research project that explores the vulnerabilities of machine learning-assisted side-channel attacks, particularly in web browsers. It emphasizes the implications of using machine learning for…

  • Bulletins: Vulnerability Summary for the Week of October 28, 2024

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

  • Hacker News: Cross-Process Spectre Exploitation

    by

    system automation
    in

    Source URL: https://grsecurity.net/cross_process_spectre_exploitation Source: Hacker News Title: Cross-Process Spectre Exploitation Feedly Summary: Comments AI Summary and Description: Yes **Summary**: This detailed text discusses a newly developed cross-process Spectre attack exploiting vulnerabilities in Intel processors, specifically involving the Indirect Branch Prediction Barrier (IBPB). The attack showcases how certain exploit methodologies can retain unauthorized data through microcode…

  • Schneier on Security: YubiKey Side-Channel Attack

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/09/yubikey-side-channel-attack.html Source: Schneier on Security Title: YubiKey Side-Channel Attack Feedly Summary: There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece…

  • Wired: YubiKeys Are a Security Gold Standard—but They Can Be Cloned

    by

    system automation
    in

    Source URL: https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ Source: Wired Title: YubiKeys Are a Security Gold Standard—but They Can Be Cloned Feedly Summary: Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack. AI Summary and Description: Yes Summary: The text discusses a critical vulnerability in the YubiKey 5 hardware token due to a side-channel…

  • Hacker News: Yubikeys are vulnerable to cloning attacks thanks to side channel

    by

    system automation
    in

    Source URL: https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/ Source: Hacker News Title: Yubikeys are vulnerable to cloning attacks thanks to side channel Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant cryptographic vulnerability in the YubiKey 5 hardware authentication token, which has implications for security professionals and organizations relying on hardware tokens for two-factor authentication.…

  • Hacker News: EUCLEAK Side-Channel Attack on the YubiKey 5 Series

    by

    system automation
    in

    Source URL: https://ninjalab.io/eucleak/ Source: Hacker News Title: EUCLEAK Side-Channel Attack on the YubiKey 5 Series Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant security vulnerability discovered in the ECDSA implementation of Infineon Technologies’ cryptographic library found in FIDO hardware tokens, particularly impacting the YubiKey 5 Series. The vulnerability, termed…