29.10.24

The effectiveness of transient execution defenses rests on obscure model-specific operations that must be correctly implemented in microcode and applied by software. In this paper, we study branch predictor invalidation through.

PAPERS

28.10.24

Large language models (LLMs) have significantly enhanced the performance of numerous applications, from intelligent conversations to text generation. However, their inherent security vulnerabilities have become an increasingly significant challenge, especially with respect to jailbreak attacks.

PAPERS

28.10.24

Cloud storage is ubiquitous: Google Drive, Dropbox, and OneDrive are household names. However, these services do not provide end-to-end encryption (E2EE), meaning that the provider has access to the data stored on their servers. The promise of end-to-end encrypted cloud storage is that users can have the best of both worlds, keeping control of their data using cryptographic techniques, while still benefiting from low-cost storage solutions.

PAPERS

15.8.24

RISCVuzz: Discovering Architectural CPU Vulnerabilities via Differential Hardware Fuzzi

CPU

23.7.24

This groundbreaking report unveils the discovery of a technology suite and its connection to
Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia.

PAPERS

13.7.24

The core of the RADIUS protocol predates modern secure cryptographic design. Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5. In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks.

PAPERS

8.7.24

In this proof-of-concept (PoC) report, we used Recorded Future Identity Intelligence’s vast trove of information stealer (“infostealer”) malware data to identify consumers of child sexual abuse material (CSAM), surface additional sources, and arrive at geographic and behavioral trends for the most popular sources

PAPERS

2.7.24

This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs.

CPU

17.6.24

The vulnerable edge of enterprise security

PAPERS

PAPERS

17.6.24

TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Executi

ARM CPU

28.5.24

DNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.

DNS

10.5.24

Virtual Private Networks (VPNs) authenticate and encrypt network traffic to protect users’ security and privacy, and are used in professional and personal settings to defend against malicious actors, circumvent censorship, remotely work from home, etc. It is therefore essential that VPNs are secure.

Papers

8.5.24

Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor

CPU

3.5.24

Papers

5.4.24

Papers

26.3.24

Generic and Automated Drive-by GPU Cache Attacks from the Browser

Papers

GhostRace: Exploiting and Mitigating Speculative Race Conditio

Vulnerebility

CPU

CPU

Malware

Malware

Attack