MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre.

Follow Dark Reading:

March 01, 2024

LATEST SECURITY NEWS & COMMENTARY MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre. Microsoft Zero-Day Used by Lazarus in Rootkit Attack North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report. Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat. FBI, CISA Release IoCs for Phobos Ransomware Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019. MTTR: The Most Important Security Metric Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries. Chinese APT Developing Exploits to Defeat Already Patched Ivanti Users More bad news for Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors. Biden Administration Unveils Data Privacy Executive Order The presidential move orders a variety of different departments and organizations to regulate personal data better and provide clear, high standards to prevent foreign access. (Sponsored Article) Cyber-Risk Is Getting Personal Cyber-risk is no longer just business risk; it's also personal risk. Learn how to protect yourself and your organization from threats. MORE NEWS / MORE COMMENTARY HOT TOPICS 'Voltzite' Zaps African Utilities as Part of Volt Typhoon's Onslaught The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa. Converging State Privacy Laws and the Emerging AI Challenge It's time for companies to look at what they're processing, what types of risk they have, and how they plan to mitigate that risk. Cyberattackers Lure EU Diplomats With Wine-Tasting Offers A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware. MORE PRODUCTS & RELEASES Troutman Pepper Forms Incidents and Investigations Team Tenable Introduces Visibility Across IT, OT, and IoT Domains Cybersecurity Startup Morphisec Appoints Ron Reinfeld As CEO Entro Extends Machine Secrets and Identities Protection With Machine Identity Lifecycle Management MORE PRODUCTS & RELEASES EDITORS' CHOICE Echoes of SolarWinds in New 'Silver SAML' Attack Technique A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services. LATEST FROM THE EDGE As Smart Cities Expand, So Do the ThreatsThe systems that make up a smart city ecosystem are not easily secured and require better design and better policy to ensure they are not vulnerable. LATEST FROM DR TECHNOLOGY Cloud Apps Make the Case for Pen-Testing-as-a-Service Applications are increasingly distributed, expanding companies' cloud attack surfaces and requiring regular testing to find and fix vulnerabilities — and avoid the risk of a growing sprawl of services. LATEST FROM DR GLOBAL Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East & Africa Experts advise organizations in the region to refuse to pay ransom demands. WEBINARS How To Optimize and Accelerate Cybersecurity Initiatives for Your Business Assessing Your Critical Applications' Cyber Defenses View More Dark Reading Webinars >> WHITE PAPERS Gcore Radar Cheat Sheet - 5 Strategic Security Checkpoints Causes and Consequences of IT and OT Convergence Strengthen Microsoft Defender with MDR 2023 Work-from-Anywhere Global Study Building Cyber Resiliency: Key Strategies for Proactive Security Operations Mandiant Threat Intelligence at Penn State Health View More White Papers >> FEATURED REPORTS Industrial Networks in the Age of Digitalization Zero-Trust Adoption Driven by Data Protection How Enterprises Assess Their Cyber-Risk View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us