'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation

Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils. [TechWeb]( Follow Dark Reading: [RSS]( November 17, 2023 LATEST SECURITY NEWS & COMMENTARY ['CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation]( Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils. [Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass]( There's no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action. [Unpatched Critical Vulnerabilities Open AI Models to Takeover]( The security holes can allow server takeover, information theft, model poisoning, and more. ['Randstorm' Bug: Millions of Crypto Wallets Open to Theft]( The security vulnerability in a component of a widely used JavaScript implementation of Bitcoin makes passwords guessable via brute-force attacks. [APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide]( At least four separate campaigns against CVE-2023-37580 in the popular Zimbra Collaboration Suite aimed to siphon up reams of sensitive mail data. [Despite Hype, the Password-Free Workplace Is Still a Long Way Off]( More than half of organizations are nowhere near ditching passwords, even as cyberattackers continue to have a field day with workers' poor credential choices. [Consumer Software Security Assessment: Should We Follow NHTSA's Lead?]( Vehicles are required to meet basic safety standards. Having similar requirements for software would give consumers greater control over their privacy and security. [3 Ways Behavioral Economics Obstructs Cybersecurity]( People are not robots; their decisions are based on emotion as much as data. Often, this can lead them to make mistakes with serious security implications for the business. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['AlphaLock' Hackers Launch 'Pen-Testing Training' Group]( With a two-pronged approach, the group trains its hackers in penetration testing, only to set them free to build a marketplace for pen-testing services. [Defending Against Attacks on Vulnerable IoT Devices]( Organizations must approach cybersecurity as if they are defending themselves in a cyberwar. [Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation]( Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet. [SEC Suit Ushers in New Era of Cyber Enforcement]( A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security. [MORE]( EDITORS' CHOICE [Rackspace Ransomware Costs Soar to Nearly $12M]( Rackspace's 2022 ransomware attack costs only continue to mount, with lawsuits in the offing — and show the long-tail costs of a cyberattack. LATEST FROM THE EDGE [IT Pros Worry Generative AI Will Be a Major Driver of Cybersecurity Threats]( Organizations are concerned about generative AI technologies as being a major driver of cybersecurity threats in 2024. LATEST FROM DR TECHNOLOGY [Cybersecurity Investment Involves More Than Just Technology]( Organizations are also looking at threat intelligence, risk assessment, cyber insurance, and third-party risk management. LATEST FROM DR GLOBAL [FBI Warns: 5 Weeks In, Gaza Email Scams Still Thriving]( Cybercriminals are playing both sides with simple disaster scams, and it's working. WEBINARS - [Tricks to Boost Your Threat Hunting Game]( Proactive "threat hunting" is becoming a more common practice for organizations who know it is no longer enough to detect threats and defend against them. How do these enterprises build threat hunting programs? How do they staff them, and what ... - [SecOps & DevSecOps in the Cloud]( Security teams today face the dual challenge of securing cloud-native applications as well as their software development processes that increasingly operate in the cloud. At the same time, attacks are rising against misconfigured cloud instances as well as a new ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Everything You Need to Know About DNS Attacks]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [ALTR Closes $25M Series C Financing]( [Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season]( [Egress and KnowBe4 Extend Partnership to Offer AI-based Adaptive Email Security and Training]( [Netskope Delivers the Next Gen SASE Branch, Powered by Borderless SD-WAN]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Tips for a Streamlined Transition to Zero Trust]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119391&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_11.17.23&sp_cid=50565&utm_content=DR_NL_Dark%20Reading%20Daily_11.17.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#88 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)