High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache. [TechWeb]( Follow Dark Reading: [RSS]( June 21, 2024 LATEST SECURITY NEWS & COMMENTARY [High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models]( The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache. [Russia's Midnight Blizzard Seeks to Snow French Diplomats]( The notorious cyber espionage group has been harrying French interests for years, and isn't flagging now as the Paris Olympics approach. [DDoS Attack Targets Poland's UEFA Euro Opening Match]( The stream was briefly knocked offline, preventing millions of fans from accessing the game. Poland's head of digital services says "all leads lead to the Russian Federation." [Thousands of Car Dealerships Stalled Out After Software Provider Cyberattack]( CDK Global, which makes software for car dealers, experienced a cyber incident that halted vehicle sales and service across the US. ['Vortax' Meeting Software Builds Elaborate Branding, Spreads Infostealers]( The "Markopolo" threat actors built a convincing brand and Web presence for fake software to deliver the dangerous Atomic macOS stealer, among other malware, to carry out cryptocurrency heists. [Russia's Midnight Blizzard Seeks to Snow French Diplomats]( The notorious cyber espionage group has been harrying French interests for years, and isn't flagging now as the Paris Olympics approach. [Catching Up on Innovation With NIST CSF 2.0]( The updated framework is an equalizer for smaller organizations to meet the industry at its breakneck pace of innovation. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft]( A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments. [The CEO Is Next]( If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity. [North Korea's Moonstone Sleet Widens Distribution of Malicious Code]( The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain. ['Sleepy Pickle' Exploit Subtly Poisons ML Models]( A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted. [MORE]( PRODUCTS & RELEASES [Aim Security Closes $18M Series A to Secure Generative AI Enterprise Adoption]( [DataBee Launches Innovations for Enhanced Threat Monitoring and Zero Trust Implementation]( [KnowBe4 Launches PhishER Plus Threat Intel Feature]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE ['ONNX' MFA Bypass Targets Microsoft 365 Accounts]( The service, likely a rebrand of a previous operation called "Caffeine," mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics. LATEST FROM THE EDGE [Consumer Privacy Bill Fails in Vermont]( The bill, if it had successfully become law, would have given consumers the right to sue companies that violate their privacy. LATEST FROM DR TECHNOLOGY [CHERI Alliance Aims to Secure Hardware Memory]( The consortium of private companies and academia will focus on ways to protect hardware memory from attacks. LATEST FROM DR GLOBAL [Singapore Extradites Suspected Cybercrime Scammers from Malaysia]( Cops decimate cybercrime infrastructure used to steal data from nearly 2,000 people in Singapore last year. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Google Threat Intelligence]( - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124164&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.20.24&sp_cid=54024&utm_content=DR_NL_Dark%20Reading%20Daily_06.20.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#9a If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)