The Hacker News reports that modern Intel and AMD processors are being impacted by a security flaw triggering the novel Hertzbleed power side channel attack, which could facilitate encryption key theft.
The attack stems from chipsets' dynamic voltage and frequency scaling feature and could significantly affect cryptographic libraries, according to a study from researchers at the University of Washington, the University of Texas, and the University of Illinois Urbana-Champaign.
Separate advisories have already been issued by Intel and AMD for the vulnerabilities but patches are yet to be made available.
"As the vulnerability impacts a cryptographic algorithm having power analysis-based side channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding, or key-rotation may be used to mitigate the attack," said AMD.
While Intel emphasized that the attack was not "practical outside of a lab environment," it urged developers to adhere to recommended library and app defenses against frequency throttling information disclosure.
Cybercrime operation Gold Melody, also known as UNC961 and Prophet Spider, has been discovered by SecureWorks Counter Threat Unit researchers to be an initial access broker peddling compromised network access for further attacks, according to The Hacker News.