New Eucleak attack lets threat actors clone YubiKey FIDO keys

September 4, 2024 at 01:59PM

A new “EUCLEAK” flaw affects FIDO devices, such as Yubico’s YubiKey 5 Series, using the Infineon SLE78 microcontroller, allowing attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys. The attack requires extended physical access and specialized equipment, limiting the risk to highly sophisticated, state-sponsored threat actors against high-value …

Crypto Vulnerability Allows Cloning of YubiKey Security Keys

September 4, 2024 at 08:36AM

NinjaLab demonstrated the Eucleak attack, exploiting a vulnerability in third-party cryptographic libraries to clone YubiKey hardware authentication devices. The attack requires physical access and equipment to extract the cryptographic key, but Yubico has issued a security advisory and implemented firmware updates to mitigate the issue. Infineon is also working on …

Apple’s GoFetch silicon security fail was down to an obsession with speed

April 2, 2024 at 03:32AM

Apple’s reputation for security and processor performance is marred by the GoFetch flaw in its architecture, known years prior to the launch of Apple Silicon processors. The clash between speed and secrecy in high-end chip philosophy and the industry’s obsession with benchmarking hinders the timely discovery and prevention of vulnerabilities, …