CLFS Bug Crashes Even Updated Windows 10, 11 Systems

A quick and easy exploit for crashing Windows computers has no fix yet nor really any way to mitigate its effects. [TechWeb]( Follow Dark Reading: [RSS]( August 13, 2024 LATEST SECURITY NEWS & COMMENTARY [CLFS Bug Crashes Even Updated Windows 10, 11 Systems]( A quick and easy exploit for crashing Windows computers has no fix yet nor really any way to mitigate its effects. [AMD Issues Updates for Silicon-Level 'SinkClose' Processor Flaw]( The vulnerability has been around for nearly 20 years and gives sophisticated attackers a way to bury virtually undetectable bootkits on devices with EPYC and Ryzen microprocessors. [Ukraine CERT: Mass Phishing Campaign Poses as Nation's Security Service]( More than 100 Ukrainian government devices have been affected by the threat that is being tracked as UAC-0198. [Tennessee Man Helped DPRK Workers Get Jobs at US Orgs, Fund WMDs]( US citizens play middleman between US companies and the North Korean government agents they unwittingly hire. [UN Approves Cybercrime Treaty Despite Major Tech, Privacy Concerns]( The treaty would allow any country to request technology firms to aid in cybercrime investigations and preserve data about their users — potentially imperiling penetration testers and security researchers, among others. [A Lesson From the CrowdStrike Incident]( The recent outage highlights the critical importance of adhering to established processes and governance frameworks. [(Sponsored Article) Aligning Breaches With MITRE ATT&CK Threat Model]( Mapping attacks to the MITRE matrix helps security professionals fine-tune their security roadmaps and better understand where to apply resources [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How to Weaponize Microsoft Copilot for Cyberattackers]( At Black Hat USA, security researcher Michael Bargury released a "LOLCopilot" ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling. [Microsoft on CISOs: Thriving Community Means Stronger Security]( Microsoft execs detailed the company's reaction to the CrowdStrike incident and emphasized the value of a collective identity. [Building an Effective Strategy to Manage AI Risks]( As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation. [Tackling Vulnerabilities & Errors Head-on for Proactive Security]( As attack surfaces increase, partner networks widen, and security teams remain stretched, vulnerabilities and errors continue to be a daunting challenge. [MORE]( PRODUCTS & RELEASES [Vectra AI Expands XDR Platform to Deliver a Real-Time View of Active Posture to Monitor Exposure to Attackers]( [WiCyS and ISC2 Launch Fall Camp for Cybersecurity Certification]( [Anthropic: Expanding Our Model Safety Bug Bounty Program]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [CrowdStrike's Legal Pressures Mount, Could Blaze Path to Liability]( Following the July 19 outages caused by a bad update, the cybersecurity firm faces shareholder lawsuits and pressure to pay damages for at least one major customer, Delta Airlines. Will software liability follow? LATEST FROM THE EDGE [Healthcare Providers Must Plan for Ransomware Attacks on Third-Party Suppliers]( The American Hospital Association and Health-ISAC issued a joint threat bulletin warning healthcare IT providers that their ransomware plans need to consider third-party risk. LATEST FROM DR TECHNOLOGY [CrowdStrike Tries to Patch Things Up With Cybersecurity Industry]( CrowdStrike's president and CEO were both at Black Hat and DEF CON to face direct questions from customers and cybersecurity professionals. LATEST FROM DR GLOBAL [How Regional Regulations Shape Global Cybersecurity Culture]( Ultimately, a more cyber-secure world requires a global governing body to regulate and campaign for cybersecurity, with consistent regulatory requirements in the various regions around the world. WEBINARS - [Determining Exposure and Risk In The Event of a Breach]( - [How to Find and Fix Application Vulnerabilities]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Managing Third-Party Risk Through Situational Awareness]( - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [Decode the New SEC Cybersecurity Disclosure Ruling]( - [Google Threat Intelligence]( - [How Cyber Threat Intelligence Empowers the C-Suite]( - [2024 InformationWeek US IT Salary Report]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125117&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.13.24&sp_cid=54670&utm_content=DR_NL_Dark%20Reading%20Daily_08.13.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#95 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)