
Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks

Source

Ars Technica

TL;DR (AI Generated)

Intel and AMD's trusted enclaves, crucial for network security, have been vulnerable to physical attacks, compromising the confidentiality of data stored in the cloud. Researchers have exposed limitations in Intel's SGX and AMD's SEV-SNP protections, with attacks like Battering RAM allowing manipulation of encrypted data and Wiretap decrypting sensitive information. These attacks leverage deterministic encryption and a hardware interposer placed between the CPU and memory module to intercept data. The vulnerabilities highlight ongoing challenges in securing data within cloud environments.

Similar Articles

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

Federal cybersecurity evaluators expressed serious concerns about Microsoft's cloud computing offering due to a lack of detailed security documentation and an inability to explain how sensitive information is protected. Despite these issues, the Federal Risk and Authorization Management Program (FedRAMP) approved Microsoft's Government Community Cloud High, granting it a cybersecurity seal of approval. This decision, although unusual, allowed Microsoft to expand its government business empire, despite lingering doubts about the technology's security.

Ars Technica
Compromising Spectre v2 HW Mitigations By Exploiting BPRC (ETH Zurich)

Researchers at ETH Zurich published a paper on exploiting Branch Predictor Race Conditions (BPRC) to compromise Spectre v2 hardware mitigations in recent Intel CPUs. The study introduces Branch Privilege Injection (BPI), a new Spectre v2 primitive that allows injecting arbitrary branch predictions tagged with kernel privilege from user mode. This exploit can leak arbitrary kernel memory from up-to-date Linux systems across six generations of Intel CPUs. The BPI exploit operates at a speed of 5.6 KiB/s on Intel Raptor Cove processors. The findings were presented at the USENIX Security Symposium in August 2025.

SemiEngineering
After BlackSuit is taken down, new ransomware group Chaos emerges

After the takedown of the BlackSuit ransomware group, a new group named Chaos has emerged, likely with some of the same members. Chaos encrypts files with a .chaos extension and sends ransom notes named "readme.chaos[.]txt" to victims. The group, active since February, targets organizations in the US, UK, New Zealand, and India, demanding around $300,000 in ransom. Victims who pay receive a decryptor and a vulnerability report, while those who refuse risk permanent data loss, public disclosure, and DDoS attacks.

Ars Technica
Dr. L.C. Lu on TSMC Advanced Technology Design Solutions

Dr. L.C. Lu, a key figure at TSMC, focuses on design-technology co-optimization, packaging innovations, and AI-driven methodologies for next-gen semiconductor systems. TSMC emphasizes DTCO and DDCL innovations for scaling from N5 to A14 nodes, with NanoFlex and NanoFlex Pro architectures offering efficiency gains. N2P and N2U nodes incorporate advanced DTCO and power delivery optimizations, with hybrid dual-rail architectures achieving significant energy savings. TSMC collaborates with EDA partners for AI integration, enhancing productivity and design quality. Advanced packaging technologies like CoWoS and SoIC play a crucial role in enabling AI scaling, with memory bandwidth and interconnect performance scaling aggressively. TSMC addresses power delivery and thermal management challenges in AI systems through advanced solutions. TSMC's advancements in design methodologies and AI-driven automation promise improved productivity and scalability in chip-package co-design.

SemiWiki