Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass

The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones. [TechWeb]( Follow Dark Reading: [RSS]( March 28, 2024 LATEST SECURITY NEWS & COMMENTARY [Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass]( The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones. [Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit]( Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age. ['Tycoon' Malware Kit Bypasses Microsoft, Google MFA]( Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram. [Zero-Day Bonanza Drives More Exploits Against Enterprises]( Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google. [DHS Proposes Critical Infrastructure Reporting Rules]( CISA will administer the new reporting requirements for cyber incidents and ransomware payments. [Getting Security Remediation on the Boardroom Agenda]( IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management. [Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East]( Government, manufacturing, and the energy industry are the top targets of advanced, persistent threat actors, with phishing attacks and remote exploits the most common vectors. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Apple Security Bug Opens iPhone, iPad to RCE]( CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices. [Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks]( Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under. [How New-Age Hackers Are Ditching Old Ethics]( Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape. [8 Strategies for Enhancing Code Signing Security]( Strong code-signing best practices are an invaluable way to build trust in the development process and enable a more secure software supply chain. [MORE]( PRODUCTS & RELEASES [WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification]( [New Cyber Threats to Challenge Financial Services Sector in 2024]( [Checkmarx Announces Partnership With Wiz]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers]( A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. LATEST FROM THE EDGE [A CISO's Guide to Materiality and Risk Determination]( For many CISOs, "materiality" remains an ambiguous term. Even so, they need to be able to discuss materiality and risk with their boards. LATEST FROM DR TECHNOLOGY [Using East-West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK]( Ensuring that traffic visibility covers both client-server and server-server communications helps NetOps teams analyze and spot potential threats early on, avoiding catastrophic effects. LATEST FROM DR GLOBAL [Vietnam Securities Broker Suffers Cyberattack That Suspended Trading]( Attackers "encrypted" VNDirect's data in an attack that kept the broker offline for days. WEBINARS - [Securing Code in the Age of AI]( - [Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Upgrade your cybersecurity in the era of AI]( - [Cheat Sheet - 5 Strategic Security Checkpoints]( - [Causes and Consequences of IT and OT Convergence]( - [Secure Access for Operational Technology at Scale]( - [Stopping Active Adversaries: Lessons from the Cyber Frontline]( - [Incident Response Planning Guide]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122436&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.28.24&sp_cid=52756&utm_content=DR_NL_Dark%20Reading%20Daily_03.28.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#87 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)