Experimental News Clipping Site

Tag: physical access

  • Hacker News: AMD’s trusted execution environment blown wide open by new BadRAM attack

    by

    system automation
    in

    Source URL: https://arstechnica.com/information-technology/2024/12/new-badram-attack-neuters-security-assurances-in-amd-epyc-processors/ Source: Hacker News Title: AMD’s trusted execution environment blown wide open by new BadRAM attack Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses significant vulnerabilities related to physical access to cloud servers, particularly spotlighting a proof-of-concept attack known as BadRAM that exploits security assurances offered by AMD’s microprocessors.…

  • The Register: AMD secure VM tech undone by DRAM meddling

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/10/amd_secure_vm_tech_undone/ Source: The Register Title: AMD secure VM tech undone by DRAM meddling Feedly Summary: Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.……

  • Hacker News: Reverse Engineering iOS 18 Inactivity Reboot

    by

    system automation
    in

    Source URL: https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html Source: Hacker News Title: Reverse Engineering iOS 18 Inactivity Reboot Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the new inactivity reboot feature in iOS 18, which adds a significant layer of security by forcing a device reboot after three days of inactivity. This feature aims to protect…

  • Bulletins: Vulnerability Summary for the Week of October 28, 2024

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

  • Hacker News: When Samsung meets MediaTek: the story of a small bug chain [pdf]

    by

    system automation
    in

    Source URL: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf Source: Hacker News Title: When Samsung meets MediaTek: the story of a small bug chain [pdf] Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a significant security vulnerability found in the boot chain of Samsung mobile devices using MediaTek System-on-Chips. The vulnerability, which can allow an attacker with…

  • Hacker News: EUCLEAK Side-Channel Attack on the YubiKey 5 Series

    by

    system automation
    in

    Source URL: https://ninjalab.io/eucleak/ Source: Hacker News Title: EUCLEAK Side-Channel Attack on the YubiKey 5 Series Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant security vulnerability discovered in the ECDSA implementation of Infineon Technologies’ cryptographic library found in FIDO hardware tokens, particularly impacting the YubiKey 5 Series. The vulnerability, termed…

  • The Register: Intel’s Software Guard Extensions broken? Don’t panic

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/08/27/intel_root_key_xeons/ Source: The Register Title: Intel’s Software Guard Extensions broken? Don’t panic Feedly Summary: More of a storm in a teacup Today’s news that Intel’s Software Guard Extensions (SGX) security system is open to abuse may be overstated.… AI Summary and Description: Yes Summary: The recent discussion regarding Intel’s Software Guard Extensions (SGX)…