March 22, 2024 at 11:06AM A new side-channel vulnerability, GoFetch, has been discovered in Apple Silicon processors, allowing malicious apps to extract cryptographic keys by exploiting the DMP feature. The vulnerability affects Apple M1, M2, and M3 chips, as well as Intel’s 13th Gen Raptor Lake microarchitecture. Disabling DMP may degrade performance, and third-party cryptographic … Read more
March 22, 2024 at 07:27AM The ThreatLocker® Zero Trust Endpoint Protection Platform enforces a strict deny-by-default, allow-by-exception security posture to protect organizations from various cyber threats, promoting compliance with multiple frameworks. The platform offers free guidance on implementing compliance best practices, covering 24 technical controls across different compliance frameworks. Download the free guide for more … Read more
March 21, 2024 at 02:45PM Attackers can generate an ongoing, limitless scenario where traffic volumes continuously overwhelm network resources. Based on the meeting notes, the key takeaway is that attackers have the capability to generate a self-perpetuating, infinite scenario that can overwhelm network resources with volumes of traffic indefinitely. This indicates a significant threat to … Read more
March 21, 2024 at 10:26AM Ransomware attacks are impacting organizations across all sectors, with recent high-profile incidents involving Change Healthcare and Veolia North America. These attacks have highlighted the need for lessons learned and strategies to limit ransomware risk, including enhancing email and endpoint security, properly encrypting sensitive data, establishing a solid backup strategy, and … Read more
March 21, 2024 at 05:30AM The text explores the landscape of operational technology (OT) cyber-attacks. It delineates five types of OT cyber-attacks, categorizing them into two distinct groups based on the assets targeted and how they are impacted. The discussion highlights the importance of distinguishing between these categories to better prepare for future cyber-attacks. The … Read more
March 21, 2024 at 12:48AM Ivanti has disclosed a critical remote code execution flaw, CVE-2023-41724, in Standalone Sentry with a CVSS score of 9.6. All supported versions are affected, and patches are available for download. The company credited security experts and mentioned that no customers are known to be affected. Other security flaws in Ivanti … Read more
March 20, 2024 at 02:39PM The US government urges states to improve water sector cybersecurity amid rising threats. The EPA plans to establish a Water Sector Cybersecurity Task Force to address vulnerabilities and adopt best practices. Recent attacks have raised awareness, prompting the EPA to pursue a concerted effort with state officials, backed by the … Read more
March 20, 2024 at 12:03PM Successful attackers target human emotions for psychological manipulation, making anyone vulnerable, regardless of tech expertise. Based on the meeting notes, the key takeaway is that successful attackers focus on psychological manipulation of human emotions, making anyone, including tech-savvy individuals, susceptible to becoming a victim. Full Article
March 20, 2024 at 10:36AM A low-level threat actor is using common malware and genuine software to attack Russian businesses. It appears that a relatively simple threat actor is focusing on Russian companies, using commonly available malware as well as legitimate software. Full Article
March 19, 2024 at 06:04PM U.S. National Security Advisor Jake Sullivan and EPA Administrator Michael Regan sent a joint letter to governors warning about cyberattacks targeting the country’s water infrastructure. They seek governors’ support in safeguarding water systems against cyber threats and proposed a Water Sector Cybersecurity Task Force. Recent attacks by Iranian and Chinese … Read more