security   488669


CLKSCREW: Exposing the perils of security-oblivious energy management | the morning paper
> In this work, we present the CLKSCREW attack, a new class of fault attacks that exploit the security-obliviousness of energy management systems to break security. A novel benefit for the attackers is that these fault attacks become more accessible since they can now be conducted without the need for physical access to the devices or fault injection equipment.

Demonstrating the potency of the attack on commodity ARM devices (a Nexus 6 phone), the authors show how it can be used to extract secret keys from an ARM TrustZone, and can escalate privileges to load self-signed code into TrustZone.

You thought Rowhammer was bad!
security  hardware  vulnerabilities  power-management 
yesterday by absfac
Protecting a Laptop from Simple and Sophisticated Attacks
"I recently replaced my OSX based Macbook with an Ubuntu based Lenovo Thinkpad T420. I’ve done a number of things out of the ordinary to secure it, so thought I’d write an overview. You may find some of these techniques interesting, and maybe even useful. You may even learn about an attack or two that you were unaware of..."
yesterday by trewbot
Ccleaner Supply-chain Attack - Daily Security Byte | Secplicity - Security Simplified
Unfortunately, Talos researchers have discovered that the official Ccleaner installer had been booby-trapped with malware for over a month. In order to have planted this malware into an installer with a legitimate digital signature, the attacker had to get deep within Piriform’s supply chain. We don’t know yet whether this was a sophisticated breach or an insider attack, but it’s a big deal in either case.
yesterday by jasonsamuels
