{"id":44497,"date":"2024-03-22T07:36:52","date_gmt":"2024-03-22T11:36:52","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=560245"},"modified":"2024-03-22T07:36:52","modified_gmt":"2024-03-22T11:36:52","slug":"cyber-security-today-march-22-2024-mac-cpus-are-vulnerable-to-encrypted-key-theft-white-hat-hackers-win-a-second-tesla-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-march-22-2024-mac-cpus-are-vulnerable-to-encrypted-key-theft-white-hat-hackers-win-a-second-tesla-and-more\/","title":{"rendered":"Cyber Security Today, March 22, 2024 \u2013 Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more"},"content":{"rendered":"<p>Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more.<\/p>\n<p>Welcome to Cyber Security Today. It&#8217;s Friday, March 22nd, 2024. I&#8217;m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/30486308\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\"  rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\"  rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0IT pros have heard<\/strong> about side channel attacks on Intel and AMD processors that can lead to computers and servers being hacked. News has emerged that Apple&#8217;s M-series of chips in Macintosh computers have a similar problem. <a href=\"https:\/\/gofetch.fail\/\"  rel=\"noopener\">According to seven American university researchers<\/a> the vulnerability can allow an attacker to extract scrambled keys for encrypting data from a Mac&#8217;s memory. The attack is called GoFetch. Because the vulnerability lies inside a processor&#8217;s code it can&#8217;t be patched. The best thing Mac owners and administrators can do is make sure the applications they use have the latest security updates. Developers of cryptographic libraries can change a setting so data memory-dependent prefetching (DMP) is disabled. But that may only work on some CPUs. Apple was notified of the problem in December.<\/p>\n<p><strong>New information has been released<\/strong> on a malicious implant being spread by a Russian espionage group. <a href=\"https:\/\/blog.talosintelligence.com\/tinyturla-full-kill-chain\/\"  rel=\"noopener\">Researchers at Cisco Systems have discovered<\/a> the entire attack chain used by the gang, which it calls Turla. This information will be helpful to defenders. One tactic after gaining network access is to configure the victim&#8217;s anti-virus software to evade detection a backdoor. The gang sets up persistence through batch files that create what looks like a system device manager that hides the backdoor. Then it installs a tool dubbed Chisel to communicate back to a command and control server. The gang has already infected several IT systems in an unnamed European non-governmental organization.<\/p>\n<p><strong>KDE,<\/strong> which makes the Plasma front end for desktop Linux, has warned users to think twice about installing themes and widgets for the platform. That&#8217;s because a user lost data after the installation of a global theme. Themes are only supposed to change the look of Plasma. But as a result of the incident the KDE community is being asked to find defective apps in the KDE Store. This was <a href=\"https:\/\/www.bleepingcomputer.com\/news\/linux\/kde-advises-extreme-caution-after-theme-wipes-linux-users-files\/\"  rel=\"noopener\">first reported by Bleeping Computer.<\/a><\/p>\n<p><strong>Administrators with Fortinet&#8217;s<\/strong> FortiClientEMS enterprise management server in their environments <a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-007\"  rel=\"noopener\">are urged to install the latest security update<\/a>. It closes an SQL injection vulnerability that is being exploited by threat actors. This vulnerability was reported last month. This week Fortinet added IPS signature information to the warning.<\/p>\n<p><strong>Finally,<\/strong> a team from the French cybersecurity company <a href=\"https:\/\/www.synacktiv.com\/en\"  rel=\"noopener\">Synactiv<\/a> won their second Tesla vehicle in a year at this week&#8217;s<a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2024\/3\/21\/pwn2own-vancouver-2024-day-two-results\"  rel=\"noopener\"> Pwn2Own hacking contest in Vancouver, British Columbia.<\/a> They did it this time by hacking into the electronic control unit of a Tesla Model 3. For accomplishing the feat they also won US$200,000. Held in several cities throughout the year, the Pwn2Own contest sees individuals and teams challenged to find new vulnerabilities and hack into applications for cash. This year&#8217;s targets included Windows 11, Ubuntu Linux, the Chrome browser, Microsoft SharePoint, Adobe Reader and more. At the time this podcast was recorded just under US$900,000 in prizes had been awarded. The contest helps companies close unknown vulnerabilities in their applications.<\/p>\n<p>That\u2019s it for now. But later today the Week in Review podcast will be out. On this edition guest commentator Terry Cutler of <a href=\"https:\/\/www.cyologylabs.com\/\"  rel=\"noopener\">Cyology Labs<\/a> will discuss lessons learned from the ransomware attack on the British Library, and more.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-march-22-2024-mac-cpus-are-vulnerable-to-encrypted-key-theft-white-hat-hackers-win-a-second-tesla-and-more\/560245\">Cyber Security Today, March 22, 2024 \u2013 Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on the discovery of a side-channel vulnerability in Apple M-series chip<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-44497","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/44497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=44497"}],"version-history":[{"count":2,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/44497\/revisions"}],"predecessor-version":[{"id":44502,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/44497\/revisions\/44502"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=44497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=44497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=44497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}