Cyber Security Today, March 22, 2024 – Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more

Share post:

Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more.

Welcome to Cyber Security Today. It’s Friday, March 22nd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 IT pros have heard about side channel attacks on Intel and AMD processors that can lead to computers and servers being hacked. News has emerged that Apple’s M-series of chips in Macintosh computers have a similar problem. According to seven American university researchers the vulnerability can allow an attacker to extract scrambled keys for encrypting data from a Mac’s memory. The attack is called GoFetch. Because the vulnerability lies inside a processor’s code it can’t be patched. The best thing Mac owners and administrators can do is make sure the applications they use have the latest security updates. Developers of cryptographic libraries can change a setting so data memory-dependent prefetching (DMP) is disabled. But that may only work on some CPUs. Apple was notified of the problem in December.

New information has been released on a malicious implant being spread by a Russian espionage group. Researchers at Cisco Systems have discovered the entire attack chain used by the gang, which it calls Turla. This information will be helpful to defenders. One tactic after gaining network access is to configure the victim’s anti-virus software to evade detection a backdoor. The gang sets up persistence through batch files that create what looks like a system device manager that hides the backdoor. Then it installs a tool dubbed Chisel to communicate back to a command and control server. The gang has already infected several IT systems in an unnamed European non-governmental organization.

KDE, which makes the Plasma front end for desktop Linux, has warned users to think twice about installing themes and widgets for the platform. That’s because a user lost data after the installation of a global theme. Themes are only supposed to change the look of Plasma. But as a result of the incident the KDE community is being asked to find defective apps in the KDE Store. This was first reported by Bleeping Computer.

Administrators with Fortinet’s FortiClientEMS enterprise management server in their environments are urged to install the latest security update. It closes an SQL injection vulnerability that is being exploited by threat actors. This vulnerability was reported last month. This week Fortinet added IPS signature information to the warning.

Finally, a team from the French cybersecurity company Synactiv won their second Tesla vehicle in a year at this week’s Pwn2Own hacking contest in Vancouver, British Columbia. They did it this time by hacking into the electronic control unit of a Tesla Model 3. For accomplishing the feat they also won US$200,000. Held in several cities throughout the year, the Pwn2Own contest sees individuals and teams challenged to find new vulnerabilities and hack into applications for cash. This year’s targets included Windows 11, Ubuntu Linux, the Chrome browser, Microsoft SharePoint, Adobe Reader and more. At the time this podcast was recorded just under US$900,000 in prizes had been awarded. The contest helps companies close unknown vulnerabilities in their applications.

That’s it for now. But later today the Week in Review podcast will be out. On this edition guest commentator Terry Cutler of Cyology Labs will discuss lessons learned from the ransomware attack on the British Library, and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, March 22, 2024 – Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

AI hallucinations ended in a year? Hashtag Trending, Monday April 22, 2024

Capital Gains tax in Canada gets criticized by tech sector.  Amazon drops 100,000 jobs while vastly increasing its...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways