October 29, 2024 at 02:33AM Research from ETH Zürich reveals that AMD and Intel processors remain vulnerable to speculative execution attacks, despite previous mitigations. A microcode bug allows attackers to bypass the Indirect Branch Predictor Barrier (IBPB), enabling unauthorized memory leaks. Intel has issued patches, while AMD tracks its variant of the vulnerability. **Meeting Takeaways … Read more
September 13, 2024 at 10:02AM Operational resilience is crucial in the interconnected IT infrastructure, with hardware and firmware threats often overlooked. Global efforts, such as the US Executive Order and EU directives, aim to fortify supply chain security. Organizations face growing concerns over state-sponsored hardware and firmware threats, requiring a shift towards proactive endpoint security … Read more
September 9, 2024 at 02:36PM A new side-channel attack, code-named RAMBO by Dr. Mordechai Guri, has been discovered, utilizing radio signals from a device’s RAM to exfiltrate data, posing a threat to air-gapped networks. Dr. Guri has also developed various unconventional methods to extract data from offline networks using different hardware components. Countermeasures to block … Read more
August 22, 2024 at 01:54PM Cybersecurity researchers discovered a hardware backdoor in a specific model of MIFARE Classic contactless cards, enabling unauthorized access to open hotel rooms and office doors. The backdoor allows compromising user-defined keys and can be executed through a supply chain attack. Consumers using these cards, widely used in hotels across the … Read more
August 14, 2024 at 06:57AM Intel and AMD disclose multiple vulnerabilities in their products. Intel’s 43 advisories cover around 70 security holes, including high-severity flaws impacting various products. Medium-severity vulnerabilities were also patched in several hardware, software, and technologies. Similarly, AMD issued eight advisories addressing 46 vulnerabilities, including high-severity issues and plans to mitigate new … Read more
August 13, 2024 at 10:12AM A team at the CISPA Helmholtz Center for Information Security uncovered the “GhostWrite” vulnerability in T-Head’s XuanTie C910 and C920 RISC-V CPUs, allowing attackers to gain unrestricted access to affected devices. The flaw lies in the vector extension, requiring disabling half the CPU’s functionality for full mitigation, impacting performance especially … Read more
August 13, 2024 at 07:48AM Hardsec, short for “Hardware Security,” implements security defense using hardware logic and electronics, providing higher security assurance than software-only approaches. The rise in sophisticated cyber threats makes hardsec essential for highly regulated industries. Governments, including the US and UK, are mandating hardsec to safeguard critical systems and data, emphasizing its … Read more
August 7, 2024 at 01:08PM Computer security researchers at CISPA Helmholtz Center in Germany have discovered security flaws in T-Head Semiconductor’s RISC-V processors, notably the GhostWrite vulnerability in the TH1520 SoC. The flaw allows unauthorized access to physical memory, posing a significant risk to affected devices. The vulnerability is inherently tied to the design of … Read more
July 2, 2024 at 07:07AM Modern Intel CPUs like Raptor Lake and Alder Lake are vulnerable to a new side-channel attack named “Indirector.” The attack exploits weaknesses in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to leak sensitive information. Mitigations include using Indirect Branch Predictor Barrier (IBPB) more aggressively and hardening the Branch … Read more
July 1, 2024 at 10:07AM Apple’s AI initiatives have significant implications for hardware security, with an emphasis on customer privacy and extensive private infrastructure control. This includes secure lockboxes for AI queries and embedded security features in device and server chips. In contrast, rivals face security complexities with their diverse cloud and chip partnerships, raising … Read more