New Eucleak attack lets threat actors clone YubiKey FIDO keys

September 4, 2024 at 01:59PM

A new “EUCLEAK” flaw affects FIDO devices, such as Yubico’s YubiKey 5 Series, using the Infineon SLE78 microcontroller, allowing attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys. The attack requires extended physical access and specialized equipment, limiting the risk to highly sophisticated, state-sponsored threat actors against high-value …

New ‘Eucleak’ attack lets attackers clone YubiKey FIDO keys

September 4, 2024 at 01:51PM

A new security flaw called “EUCLEAK” has been discovered in FIDO devices utilizing the Infineon SLE78 security microcontroller, such as the Yubico YubiKey 5 Series. The flaw allows attackers to extract secret keys and clone the FIDO device using a side-channel attack, requiring specialized equipment and a high level of …

PuTTY SSH client flaw allows recovery of cryptographic private keys

April 16, 2024 at 11:07AM

PuTTY versions 0.68 through 0.80 contain a vulnerability (CVE-2024-31497) that could allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. It affects systems using ECDSA keys and could be exploited to gain unauthorized access to SSH servers or sign commits as …