MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre. [TechWeb]( Follow Dark Reading: [RSS]( March 01, 2024 LATEST SECURITY NEWS & COMMENTARY [MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs]( Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre. [Microsoft Zero-Day Used by Lazarus in Rootkit Attack]( North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report. [Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models]( The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat. [FBI, CISA Release IoCs for Phobos Ransomware]( Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019. [MTTR: The Most Important Security Metric]( Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries. [Chinese APT Developing Exploits to Defeat Already Patched Ivanti Users]( More bad news for Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors. [Biden Administration Unveils Data Privacy Executive Order]( The presidential move orders a variety of different departments and organizations to regulate personal data better and provide clear, high standards to prevent foreign access. [(Sponsored Article) Cyber-Risk Is Getting Personal]( Cyber-risk is no longer just business risk; it's also personal risk. Learn how to protect yourself and your organization from threats. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Voltzite' Zaps African Utilities as Part of Volt Typhoon's Onslaught]( The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa. [Converging State Privacy Laws and the Emerging AI Challenge]( It's time for companies to look at what they're processing, what types of risk they have, and how they plan to mitigate that risk. [Cyberattackers Lure EU Diplomats With Wine-Tasting Offers]( A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware. [MORE]( PRODUCTS & RELEASES [Troutman Pepper Forms Incidents and Investigations Team]( [Tenable Introduces Visibility Across IT, OT, and IoT Domains]( [Cybersecurity Startup Morphisec Appoints Ron Reinfeld As CEO]( [Entro Extends Machine Secrets and Identities Protection With Machine Identity Lifecycle Management]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Echoes of SolarWinds in New 'Silver SAML' Attack Technique]( A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services. LATEST FROM THE EDGE [As Smart Cities Expand, So Do the Threats]( The systems that make up a smart city ecosystem are not easily secured and require better design and better policy to ensure they are not vulnerable. LATEST FROM DR TECHNOLOGY [Cloud Apps Make the Case for Pen-Testing-as-a-Service]( Applications are increasingly distributed, expanding companies' cloud attack surfaces and requiring regular testing to find and fix vulnerabilities — and avoid the risk of a growing sprawl of services. LATEST FROM DR GLOBAL [Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East & Africa]( Experts advise organizations in the region to refuse to pay ransom demands. WEBINARS - [How To Optimize and Accelerate Cybersecurity Initiatives for Your Business]( - [Assessing Your Critical Applications' Cyber Defenses]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Gcore Radar]( - [Cheat Sheet - 5 Strategic Security Checkpoints]( - [Causes and Consequences of IT and OT Convergence]( - [Strengthen Microsoft Defender with MDR]( - [2023 Work-from-Anywhere Global Study]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121781&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.01.24&sp_cid=52286&utm_content=DR_NL_Dark%20Reading%20Daily_03.01.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#0a If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)