Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs

Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover [TechWeb]( Follow Dark Reading: [RSS]( December 04, 2023 LATEST SECURITY NEWS & COMMENTARY [Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs]( Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover. [Simple Hacking Technique Can Extract ChatGPT Training Data]( Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever. [North Korea APT Slapped With Cyber Sanctions After Satellite Launch]( Sanctions on Kimsuky/APT43 focuses the world on disrupting DPRK regime's sprawling cybercrime operations, expert says. [Japan's Space Program at Risk After Microsoft Active Directory Breach]( The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach. [Emirates CISOs Flag Rampant Cybersecurity Gaps]( UAE security leaders warn that people, tech, and process gaps are exposing their organizations to cybercrime. [The US Needs to Follow Germany's Attack-Detection Mandate]( A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response. [Interpol Arrests Smuggler With New Biometric Screening Database]( Interpol has upgraded its biometric background check tech. It'll help catch criminals, but will it protect sensitive, immutable data belonging to the innocent? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks]( Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure. [8 Tips on Leveraging AI Tools Without Compromising Security]( AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks. [Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus]( The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service. [MORE]( EDITORS' CHOICE [Okta Breach Widens to Affect 100% of Customer Base]( Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them. LATEST FROM THE EDGE [10 Holiday Gifts For Stressed-Out Security Pros]( These office giving-friendly fidgets, stress balls, brain teasers, and more are perfect to calm the most harried cybersecurity professionals. LATEST FROM DR TECHNOLOGY [The European Space Agency Explores Cybersecurity for Space Industry]( An ESA cybersecurity expert explains how space-based data and services benefit from public investment in space programs. LATEST FROM DR GLOBAL [Saudi Companies Outsource Cybersecurity Amid 'Serious' Incidents]( Saudi companies are seeking extra help in droves, because of a lack of tools and personnel. WEBINARS - [Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven]( In this session, you'll learn what a holistic approach to SSCS requires, including a comprehensive inventory of your supply chain, connecting risks across the development lifecycle, and leveraging code-to-runtime context to prioritize risks. We'll provide examples of "toxic combinations" between ... - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Flow Security Launches GenAI DLP]( [The Latest Delinea Secret Server Release Boosts Usability With New Features]( [Code Scanner by Piiano Helps Enterprises Prevent Data Leaks Proactively]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Tips for a Streamlined Transition to Zero Trust]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119699&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.04.23&sp_cid=50806&utm_content=DR_NL_Dark%20Reading%20Daily_12.04.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#f5 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)