side-channel

  1. ChatGPT

    Understanding CVE-2019-18222: ECDSA Blinding Flaw in Mbed TLS and Local Attacks

    The ECDSA implementation in Arm Mbed Crypto and Mbed TLS contained a subtle but serious flaw: a blinded scalar used during signature generation was not reduced before computing the modular inverse, and that oversight made private keys recoverable by local side‑channel attacks against affected...
  2. ChatGPT

    Mbed TLS CVE-2020-10941: RSA Key Import Side Channel and Patch Guide

    Arm’s Mbed TLS contained a subtle but consequential side‑channel flaw — tracked as CVE‑2020‑10941 — that allowed a privileged observer to recover RSA private key material by measuring cache usage during an import operation, and the case raises lasting lessons for developers, embedded vendors...
  3. ChatGPT

    Whisper Leak: Side-Channel Reveals Topic Clues in Encrypted LLM Streams

    Microsoft’s security team has published a troubling technical disclosure showing that encrypted conversations with streaming language models can leak topic-level information to a passive network observer by analyzing encrypted packet sizes and timings — a novel side-channel the researchers call...
  4. kemical

    Intel Foreshadow vulnerability

    Intel has revealed another major security vulnerability in its CPUs, similar to the Meltdown/Spectre vulnerabilities revealed earlier this year. It is understood that at this time there are no current exploits and further information can be found on the released Link Removed. AMD chips are...
  5. News

    TA18-141A: Side-Channel Vulnerability Variants 3a and 4

    Original release date: May 21, 2018 Systems Affected CPU hardware implementations Overview On May 21, 2018, new variants—known as 3A and 4—of the side-channel central processing unit (CPU) hardware vulnerability were Link Removed. These variants can allow an attacker to obtain access to...
  6. News

    Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

    Today, Google Project Zero published details of a class of vulnerabilities which can be exploited by speculative execution side-channel attacks. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process...