Link to newsletter:
Dear Subscribers, please see the latest Security & tech Insights newsletter covering emerging issues, trends and potential solutions in the world of cybersecurity. Thanks for reading and stay safe! Best, Chuck Brooks PS checkout my new book on Amazon: Inside Cyber: How AI, 5G, and Quantum Computing Will Transform Privacy and Our Security Amazon.com : Inside Cyber: How AI, 5G, and Quantum Computing Will Transform Privacy and Our Security: 9781394254941: Brooks, Chuck: Books.
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring-2 privileges and install malware that becomes nearly undetectable.
Ring-2 is one of the highest privilege levels on a computer, running above Ring-1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system’s Kernel.
The Ring-2 privilege level is associated with modern CPUs’ System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software.
“The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands,” the ReasonLabs research team said in an analysis.
“This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos.”
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.
The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group security researchers Alex Plaskett and Robert Herrera said.
Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.
Brain-computer interfaces (BCIs) can translate a person’s brainwaves into action, but these devices are vulnerable to hacking.
By Chuck Brooks
AI agents represent a great leap forward in technology, offering exponential benefits to society. From enhancing scientific research, healthcare, transportation, education, and cybersecurity. There are a lot of different applications that AI agents could help enable in our new digital world, including, foremost, for humans.
It’s easy to think of bacteria as one of the greatest scourges on Earth for the diseases and deaths they cause, and how they repeatedly thwart our best antibiotics, evolving into drug-resistant superbugs.
But really, bacteria are just doing what they’ve always done – finding new ways to survive.
While the search for new antibiotics continues, combination therapies are increasingly being tested to try to clamp down on multiple bacterial escape pathways at once, and limit the chances of microbes developing resistance with successive biological hacks.
Australian businesses are paying untold amounts of ransom to hackers, but the government is hoping to claw back some visibility with a landmark cybersecurity law.
While major ransomware attacks on companies such as MediSecure, Optus and Latitude have grabbed headlines for breaching the privacy of millions, the practice of quietly paying off cybercriminals has flourished in the dark.
The situation has deteriorated to the point that the government’s original ambition for an outright ban on ransom payments has been nixed, for now, and the focus has shifted to mapping the scale of the problem.
Local decentralized energy systems, known as microgrids, can make urban infrastructures more resilient and reduce risks for the population, for example, in large-scale power outages due to natural hazards or cyberattacks.
In Nature Sustainability researchers from Karlsruhe Institute of Technology (KIT) present design criteria for microgrids that allow for fair treatment of different social groups alongside technical factors. The study shows how cities can shape the transformation towards a secure and more sustainable and equitable energy supply.
Climate change increases the probability of extreme events, as we have seen during the massive flooding of large parts of southern Germany in June. The question of how cities and municipalities can make power supply more resilient and more secure in the face of such crises is bringing so-called microgrids into focus.
Discover how the SeleniumGreed campaign exploits exposed Selenium Grid services for crypto mining, posing risks to automated testing frameworks.