TechRadar

YubiKey FIDO authenticators could be abused through unpatchable cryptographic flaw

All physical multi-factor authentication (MFA) keys that work on Infeneon’s SLE78 microcontroller were said to be vulnerable to a cryptographic flaw which allows threat actors to clone the gadget and ...
heise online

Yubikey cloning attack: Apparently possible – but not trivial

Attackers can exploit a security vulnerability in Yubikey and YubiSHM from Yubico and access keys. However, this requires a lot of effort. IT security researchers have discovered a security ...
GIGAZINE

YubiKey 5 vulnerable to side-channel attack, YubiKey versions older than 5.7 are permanently at risk

FIDO authentication, is vulnerable. Attacking the vulnerability requires advanced knowledge and expensive equipment, but because YubiKey firmware cannot be updated ...
Bleeping Computer

Some YubiKey FIPS Keys Allow Attackers to Reconstruct Private Keys

Yubico issued a security advisory saying that an issue impacting YubiKey FIPS Series devices (versions 4.4.2 and 4.4.4) reduces the strength of generated RSA keys and ECDSA signatures after power-up.