Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more.
Welcome to Cyber Security Today. It’s Friday, March 22nd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
IT pros have heard about side channel attacks on Intel and AMD processors that can lead to computers and servers being hacked. News has emerged that Apple’s M-series of chips in Macintosh computers have a similar problem. According to seven American university researchers the vulnerability can allow an attacker to extract scrambled keys for encrypting data from a Mac’s memory. The attack is called GoFetch. Because the vulnerability lies inside a processor’s code it can’t be patched. The best thing Mac owners and administrators can do is make sure the applications they use have the latest security updates. Developers of cryptographic libraries can change a setting so data memory-dependent prefetching (DMP) is disabled. But that may only work on some CPUs. Apple was notified of the problem in December.
New information has been released on a malicious implant being spread by a Russian espionage group. Researchers at Cisco Systems have discovered the entire attack chain used by the gang, which it calls Turla. This information will be helpful to defenders. One tactic after gaining network access is to configure the victim’s anti-virus software to evade detection a backdoor. The gang sets up persistence through batch files that create what looks like a system device manager that hides the backdoor. Then it installs a tool dubbed Chisel to communicate back to a command and control server. The gang has already infected several IT systems in an unnamed European non-governmental organization.
KDE, which makes the Plasma front end for desktop Linux, has warned users to think twice about installing themes and widgets for the platform. That’s because a user lost data after the installation of a global theme. Themes are only supposed to change the look of Plasma. But as a result of the incident the KDE community is being asked to find defective apps in the KDE Store. This was first reported by Bleeping Computer.
Administrators with Fortinet’s FortiClientEMS enterprise management server in their environments are urged to install the latest security update. It closes an SQL injection vulnerability that is being exploited by threat actors. This vulnerability was reported last month. This week Fortinet added IPS signature information to the warning.
Finally, a team from the French cybersecurity company Synactiv won their second Tesla vehicle in a year at this week’s Pwn2Own hacking contest in Vancouver, British Columbia. They did it this time by hacking into the electronic control unit of a Tesla Model 3. For accomplishing the feat they also won US$200,000. Held in several cities throughout the year, the Pwn2Own contest sees individuals and teams challenged to find new vulnerabilities and hack into applications for cash. This year’s targets included Windows 11, Ubuntu Linux, the Chrome browser, Microsoft SharePoint, Adobe Reader and more. At the time this podcast was recorded just under US$900,000 in prizes had been awarded. The contest helps companies close unknown vulnerabilities in their applications.
That’s it for now. But later today the Week in Review podcast will be out. On this edition guest commentator Terry Cutler of Cyology Labs will discuss lessons learned from the ransomware attack on the British Library, and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.