As enterprises increasingly adopt AI, securing AI factories—where complex, agentic workflows are executed—has never been more critical. NVIDIA is bringing runtime cybersecurity to every AI factory with a new NVIDIA DOCA software framework, part of the NVIDIA cybersecurity AI platform. Running on the NVIDIA BlueField networking platform, NVIDIA DOCA Argus operates on every node to immediately detect and respond to attacks on AI workloads, integrating seamlessly with enterprise security systems to deliver instant threat insights. The DOCA Argus framework provides runtime threat detection by using advanced memory forensics to monitor threats in real time, delivering detection speeds up to 1,000x faster than existing agentless solutions—without impacting system performance.

Unlike conventional tools, Argus runs independently of the host, requiring no agents, integration or reliance on host-based resources. This agentless, zero-overhead design enhances system efficiency and ensures resilient security in any AI compute environment, including containerized and multi-tenant infrastructures. By operating outside the host, Argus remains invisible to attackers—even in the event of a system compromise. Cybersecurity professionals can seamlessly integrate the framework with their SIEM, SOAR and XDR security platforms, enabling continuous monitoring and automated threat mitigation and extending their existing cybersecurity capabilities for AI infrastructure.

The Hundred-day war between "extremeness" and "despair" begins..."The Hundred Line -Last Defense Academy" is finally out, as of yesterday! Please enjoy this one-of-a-kind work born from the creators' "madness and passion" to your heart's content. Kazutaka Kodaka and Kotaro Uchikoshi join forces for the first time to deliver the ULTIMATE adventure game! 15 students are tasked with defending a school from grotesque monsters for 100 days. Can they make it to the end? And will they survive long enough to uncover the truth? Takumi Sumino is a totally average teenager living in the Tokyo Residential Complex, a place where every day is much like the last and nothing bad ever happens.

All that changes when freakish monsters attack the town and start wreaking havoc. A strange creature calling himself Sirei appears and offers Takumi the power to protect those he holds dear... All he has to do is stab himself in the chest! The next thing he knows, Takumi is in Last Defense Academy, a school in the middle of nowhere surrounded by a wall of otherworldly flames. He and 14 other students have been drafted into the Special Defense Unit, a team tasked with keeping the school safe for the next 100 days. How much are they willing to sacrifice to take back their normal lives and save the world from the grotesque school invaders?

Traditional cybersecurity measures are proving insufficient for addressing emerging cyber threats such as malware, ransomware, phishing and data access attacks. Moreover, future quantum computers pose a security risk to today's data through "harvest now, decrypt later" attack strategies. Cybersecurity technology powered by NVIDIA accelerated computing and high-speed networking is transforming the way organizations protect their data, systems and operations. These advanced technologies not only enhance security but also drive operational efficiency, scalability and business growth.

Accelerated AI-Powered Cybersecurity
Modern cybersecurity relies heavily on AI for predictive analytics and automated threat mitigation. NVIDIA GPUs are essential for training and deploying AI models due to their exceptional computational power.

In a world where most of us work, communicate, play, explore, and make purchases online nearly every day, cybersecurity is more important than ever. Yet it's also a world where it's increasingly hard to know who to trust. Perhaps you've seen recent news reports that call into question the security practices of companies that you might rely on for the network for your home or small business. At ASUS, we're working to show you that not every networking company has the same level of commitment to cybersecurity. Recently, we joined FIRST, a longstanding and renowned organization that brings together a variety of computer security incident response teams from around the world. Our membership in FIRST enables us to take enterprise-level experience, security protocols, and incident response tactics and integrate them into the consumer market.

35 years of coordinating responses against cyberattacks
When you're the victim of a cyberattack, your priority is to re-secure your own hardware, data, and account access. But the incident response teams dedicated to cybersecurity have to take a larger view. What vulnerability made the cyberattack possible? What other systems could be affected? How quickly can a fix be deployed, and how might this fix affect other vital systems and functions? Answering these questions in today's connected world requires not just on-the-ground incident response teams, but international communication and coordination between these groups. Since 1990, this layer of coordination has been provided by FIRST—the Forum of Incident Response and Security Teams. Consisting of members from government agencies, educational institutions, military divisions, and the private sector, FIRST works to ensure a safe internet for everyone by creating channels for incident response and security teams across the globe to work together.

An academic collaboration—between research departments at Georgia Institute of Technology and Ruhr University Bochum—has produced two white paper studies that disclose details regarding the vulnerable nature of certain generations of Apple Silicon. The documents were made available online earlier in the week; readily accessible through their Predictors.Fail webpage. The "SLAP" attack paper's moniker is derived/abbreviated from its long-form title: "Data Speculation Attacks via Load Address Prediction on Apple" Silicon. A similarly uncatchy acronymization has been generated by the second paper's full title: "Breaking the Apple M3 CPU via False Load Output Predictions"—aka "FLOP" attack. The North American and German security research teams have partnered up in the past—their "iLeakage" speculative execution side-channel attack was documented back in October 2023.

Spectre and Meltdown are the original, and likely most famous/notorious examples of speculative execution CPU vulnerability—owners of particular processor architectures were affected at the start of 2018. The Predictors.Fail bulletin proposes that the latest side-channel attacks affect Apple hardware of 2021 vintage and beyond. The teams introduced SLAP as: "a new speculative execution attack that arises from optimizing data dependencies, as opposed to control flow dependencies." They believe that Apple models: "starting with the M2 and A15 are equipped with a Load Address Predictor (LAP), which improves performance by guessing the next memory address the CPU will retrieve data from based on prior memory access patterns. However, if the LAP guesses wrong, it causes the CPU to perform arbitrary computations on out-of-bounds data, which should never have been accessed to begin with, under speculative execution. Building on this observation, we demonstrate the real-world security risks of the LAP via an end-to-end attack on the Safari web browser, where an unprivileged remote adversary can recover email content and browsing behavior."

Broadcom Inc. today announced an industry-first—the new, innovative Emulex Secure Fiber Channel Host Bus Adapters (HBA)—a cost-effective, easy-to-manage solution that encrypts all data as it moves between servers and storage.

Encrypting mission-critical data is no longer a nice-to-have, but a must-have. The cost of ransomware attacks continues to rise with attacks in 2024 costing USD $5.37 million on average per attack. Upcoming generative AI and quantum computers magnify the risk if data is not encrypted at all points in the data center including the network.

After the fiasco surrounding the cancelled press previews and delayed upcoming launch of Assassin's Creed Shadows, it appears that Ubisoft is doing something of a redemption tour in order to garner hype for the latest installment in the Assassin's Creed franchise. Previously, news about AC Shadows's simultaneous console and Steam launch was quite positively received. Now, Ubisoft has given us a full overview of what's to come regarding the combat mechanics in Assassin's Creed Shadows. While the weapons and unit types in Shadows are certainly interesting, perhaps the most important take-away is that timing will be an important aspect to combat.

One of the most important mechanics behind Assassin's Creed Shadows's combat seems to be the character and weapon choices. The samurai, Yasuke, and the shinobi, Naoe, will supposedly come with their own versions of stealth, defensive, and offensive attacks, and each will have their own weapons, to bring some diversity to the gameplay of each character. It looks like each of the different weapon classes will be locked to either character and play style. At launch, Naoe will have three weapons to choose from, and Yasuke will have a broader selection of five weapons to choose from.

Today, Lenovo announced the introduction of ThinkShield Firmware Assurance as part of its portfolio of enterprise-grade cybersecurity solutions. ThinkShield Firmware Assurance is one of the only computer OEM solutions to enable deep visibility and protection below the operating system (OS) by embracing Zero Trust Architecture (ZTA) component-level visibility to generate more accurate and actionable risk management insights.

As a security paradigm, ZTA explicitly identifies users and devices to grant appropriate levels of access so a business can operate with less risk and minimal friction. ZTA is a critical framework to reduce risk as organizations endeavor to complete Zero-Trust implementations.

A new vulnerability was recently discovered in a widely used print server that is installed by default on many Linux and Unix-based systems with a graphical user interface. The primary attack vector for the vulnerability is the CUPS (Common Unit Printing System) print scheduler, specifically cups-browsed, and has the potential to execute code remotely with zero user interaction required.

The vulnerability has reportedly been given a CVSS score of 9.9 by RHEL and Canonical, although this score is hotly debated, with some arguing it should have a lower score, because, although code can be remotely downloaded to the system, it cannot be executed without user intervention. Fortunately, there is no evidence of the vulnerability having been exploited, although the disclosure was leaked online ahead of a planned private reveal in October, prompting the developer that discovered the vulnerability to post the full explanation in a write-up on their blog. This being the case, the vulnerability could very well start being exploited by malicious actors.

On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in "ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms" from researchers at ETH Zurich. The research demonstrates performing Rowhammer attacks on DDR4 and DDR5 memory using AMD "Zen" platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.

Mitigation
AMD continues to assess the researchers' claim of demonstrating Rowhammer bit flips on a DDR5 device for the first time. AMD will provide an update upon completion of its assessment.

The stage is set and the anticipation palpable as DRAGON BALL: Sparking! ZERO adds new names to its latest lineup of fighters. Power and speed are often worthless without precision and timing. These new characters are well aware of that. In the DRAGON BALL universe, you have encountered characters who seamlessly blend both speed and power, creating a formidable fusion of strength and agility. However, among all of them, some make their raw strength or rapid movements their defining trait. The newly revealed characters are charted below.

Producer Jun Furutani revealed more details about the game's mechanics
DRAGON BALL: Sparking! ZERO brings back enhanced gameplay elements that the franchise has been known and cherished for, making battles even more spectacular, faster, impressive and authentic to the anime. Evolved features such as "Skill Count", "Revenge Counter" and "Vanishing Assaults" have been added, giving chances for players to counterattack their foes, and add more strategy to their fights. As you discover more about DRAGON BALL: Sparking! ZERO, ask yourself: will you prefer raw, overwhelming power or lightning-fast agility?

The Lee family is reuniting once again to rid the streets of crime as Billy and Jimmy Lee's cousin, Sonny Lee, is joining Double Dragon Gaiden: Rise of the Dragons on April 4. An unconventional fighter, Sonny thrashes his enemies with a flurry of punches and kicks to prove he's just as powerful as his cousins. First appearing in Double Dragon 3: The Rosetta Stone, Sonny Lee joins Double Dragon Gaiden as part of the free Sacred Reunion DLC coming to PC and consoles. Sonny is the lazy, distant cousin of the Lee brothers, but just like Billy and Jimmy, he has practiced the art of Sōsetsuken since he was young. However, Sonny has a hard time keeping up. He opts to give the ancient technique his own creative spin and now wanders the streets to test the might of his new moves.

Also joining Sonny in the Sacred Reunion DLC is the secret assassin Ranzou and one additional mystery fighter. Ranzou is a mysterious young ninja from a secret organization, known as The Secret Society of Ninjas. He has no stake in the fate of New York, but he is sent here by his organization as a test of his abilities. Along with the new characters, the Sacred Reunion DLC will include Survival mode, Versus mode and online co-op. As a fighter, Sonny distinguishes himself as a rushdown/offensive warrior. He executes an action attack similar to a quick breakdance maneuver that travels a short distance and covers threats from all directions. Despite his Sōsetsuken roots, we wanted to ensure that Sonny is his own character, and he is designed to play differently from Billy and Jimmy with much more eccentric moves. His role as the familial outcast significantly influences his fighting style, resulting in a blend of showboating and non-traditional stances. Sonny's distinctive approach to combat reflects his individuality within the family dynamic, which gives him more depth and personality, allowing him to shine brighter in the game.

We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Cyberattacks are an existential risk, with 89% of organizations ranking ransomware as one of the top five threats to their viability, according to a November 2023 report from TechTarget's Enterprise Strategy Group, a leading analyst firm. And this is just one of many risks to corporate data—insider threats, data exfiltration, hardware failures, and natural disasters also pose significant danger. Moreover, as the just-released 2024 IBM X-Force Threat Intelligence Index states, as the generative AI market becomes more established, it could trigger the maturity of AI as an attack surface, mobilizing even further investment in new tools from cybercriminals. The report notes that enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target.

To help clients counter these threats with earlier and more accurate detection, we're announcing new AI-enhanced versions of the IBM FlashCore Module technology available inside new IBM Storage FlashSystem products and a new version of IBM Storage Defender software to help organizations improve their ability to detect and respond to ransomware and other cyberattacks that threaten their data. The newly available fourth generation of FlashCore Module (FCM) technology enables artificial intelligence capabilities within the IBM Storage FlashSystem family. FCM works with Storage Defender to provide end-to-end data resilience across primary and secondary workloads with AI-powered sensors designed for earlier notification of cyber threats to help enterprises recover faster.

An emergency update is being pushed for Surveillance Center in response to a severe vulnerability detected in the software that could potentially allow an attacker to gain control elevated privileges to execute code on ADM to install malware. This update fixes this underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware in accordance with previously announced protective measures.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:

• Change your password.
• Use a strong password.
• Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
• Turn off Terminal/SSH and SFTP services and other services you do not use.
• Make regular backups and ensure backups are up to date.
• Turn on and update snapshots if available.
• Enable the AbuseIPDB risk detection greylist.

New York-based security firm Trail of Bits has identified a security vulnerability with various GPU models, which include AMD, Qualcomm, and Apple. This vulnerability, named LeftoverLocals, could potentially allow attackers to steal large amounts of data from a GPU's memory. Mainstream client-GPUs form a sizable chunk of the hardware accelerating AI and LLMs, as they cost a fraction of purpose-built data-center GPUs, and are available in the retail market. Unlike CPUs, which have undergone extensive hardening against data leaks, GPUs were primarily designed for graphics acceleration and lack similar data privacy architecture. To our knowledge, none of the client GPUs use virtualization with their graphics memory. Graphics acceleration in general is a very memory sensitive application, and requires SIMD units to have bare-metal access to memory, with as little latency as possible.

First the good news—for this vulnerability to be exploited, it requires the attacker to have access to the target device with the vulnerable GPU (i.e. cut through OS-level security). The attack could break down data silos on modern computers and servers, allowing unauthorized access to GPU memory. The potential data breach could include queries, responses generated by LLMs, and the weights driving the response. The researchers tested 11 chips from seven GPU makers and found the vulnerability in GPUs from Apple, AMD, and Qualcomm. While NVIDIA, Intel, and Arm first-party GPUs did not show evidence of the vulnerability, Apple, Qualcomm, and AMD confirmed to wired that their GPUs are affected, and that they're working on a security response. Apple has released fixes for its latest M3 and A17 processors, but older devices with previous generations of Apple silicon remain vulnerable. Qualcomm is providing security updates, and AMD plans to offer mitigations through driver updates in March 2024.

The recent attacks on cargo ships in the Red Sea are affecting not only oil shipments, but also cargo ships from Asia to Europe. All major carriers such as CMA CGM, Cosco, Evergreen, Hapag-Lloyd, Maersk, MSC and so forth are affected and all have delayed their shipments through the area. A coordinated security action called Operations Prosperity Guardian which includes over half a dozen nations so far, is getting ready to guide shipments through the affected area by Yemen, but it'll lead to slower shipments through the area.

TechPowerUp has already received reports from sources in Taiwan that their products are on some of these ships that are now stuck waiting for naval escorts through the area. However, it appears that there might be shortages of some computer components for the foreseeable future, alongside many other products that are being shipped this route and onwards via the Suez Canal. According to the BBC, it takes 25.5 days on average to ship goods from Taiwan to the Netherlands via the Red Sea and Suez Canal whereas the only alternative route via the Cape of Good Hope takes 34 days and adds extra fuel costs. Regardless of the extra shipping times and costs, it appears some shipping companies are willing to take the longer route to avoid being attacked. This is likely to have a knock on effect on prices for a lot of consumer goods in Europe, so if you haven't bought that hardware you've been holding off getting, now might be as good a time as any.

Binarly's research team has discovered a collection of security vulnerabilities known as "LogoFAIL", which affects image parsing components within the UEFI firmware of a wide array of devices. These vulnerabilities are especially concerning because they are embedded within the reference code provided by Independent BIOS Vendors (IBVs), affecting not just a single vendor but a broad spectrum of devices that utilize this code. LogoFAIL is particularly dangerous because it allows attackers to bypass crucial security measures such as Secure Boot and Intel Boot Guard by executing a payload during the device's boot process. This is achieved by storing malicious images on the EFI System Partition or within unsigned sections of firmware updates. This method can compromise system security deeply without altering the runtime integrity of the bootloader or firmware, unlike other threats such as BlackLotus or BootHole.

The potential reach of LogoFAIL vulnerability is rather wide, with millions of consumer and enterprise-grade devices from various vendors, including ones like Intel, Acer, and Lenovo, being vulnerable. The exact list of affected devices is still undetermined, but the prevalence of the IBVs' code across numerous devices suggests that the impact could be widespread, with both Windows and Linux users being affected. Only PCs that don't allow any logotype displayed in the UEFI during the boot process are safe. Apple's Macs are secure as they don't allow any add-on images during boot, and some OEM prebuilt PCs, like the ones from Dell, don't allow images in the UEFI. Some makers like Lenovo, AMI, and Insyde have already published notes about cautiously uploading custom images to the UEFI and providing BIOS updates. Consumers and enterprises must check with their OEMs and IBVs for BIOS microcode updates to patch against this vulnerability.Below, you can see the proof of concept in a YouTube video.

Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior generation AMD EPYC CPUs. Titled CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits the underlying architectural weaknesses of AMD SEV, making it a broad threat to systems relying on this technology for security. The CacheWarp attack can bypass robust security measures like encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan with a hot-loadable microcode patch and updated the firmware image without any expected performance degradation. And for the remaining generations, AMD states that no mitigation is available for the first or second generations of EPYC processor (Naples and Rome) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity, and the SEV-SNP is not available.

Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

Symantec, a division of Broadcom Inc., is partnering with Google Cloud to embed generative AI (gen AI) into the Symantec Security platform in a phased rollout that will give customers a significant technical edge for detecting, understanding, and remediating sophisticated cyber attacks.

Symantec is leveraging the Google Cloud Security AI Workbench and security-specific large language model (LLM)--Sec-PaLM 2-across its portfolio to enable natural language interfaces and generate more comprehensive and easy-to-understand threat analyses. With Security AI Workbench-powered summarization of complex incidents and alignment to MITRE ATT&CK context, security operations center (SOC) analysts of all levels can better understand threats and be able to respond faster. That, in turn, translates into greater security and higher SOC productivity.

A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason why Zenbleed is of concern is because it doesn't require a potential attacker to have physical access to the computer or server in question and it's said to be possible to trigger the vulnerability via executing a javascript on a webpage. This means that the attack vector ends up being massive, at least when we're talking about something like a webhosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins via triggering something called "the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but due to these registers being used system wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which obviously are the most vulnerable systems in question and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.

Owners of TP-Link routers ought to heed a warning from the US government's Cybersecurity and Infrastructure Security Agency (CISA), as at least one router model from the company is vulnerable to known exploits. The exploit is actively targeted by Mirai botnet operators and it allows for injection of commands that could allow them to take over the routers via remote code execution (RCE) software. The router from TP-Link that is known to be vulnerable to the exploits is the Archer AX-21, a fairly recent entry level AX1800 Wi-Fi 6 model that is sold globally by the company.

The specific exploit for the Archer AX-21 is tracked as CVE-2023-1389 and is affecting all Archer AX-21 routers with a firmware version older than 1.1.4 2023019, as it's said to address the vulnerabilities. Users who have linked their router to a TP-Link cloud account and allow for automatic updates should already have had their router firmware automatically updated, but everyone else should update their router firmware as soon as possible. There have already been reports of the exploit being actively used by the Mirai botnet to take over routers in Eastern Europe as of the middle of last month, but further parts of the world aren't spared from attacks either by now. Routers might often be devices that are forgotten in a corner somewhere, but it's important to keep the firmware up to date, especially as they are increasingly becoming the target of hackers.

Researchers at the Technical University of Berlin have published a paper called "faulTPM: Exposing AMD fTPMs' Deepest Secrets," highlighting AMD's firmware-based Trusted Platform Module (TPM) is susceptible to the new exploit targeting Zen 2 and Zen 3 processors. The faulTPM attack against AMD fTPMs involves utilizing the AMD secure processor's (SP) vulnerability to voltage fault injection attacks. This allows the attacker to extract a chip-unique secret from the targeted CPU, which is then used to derive the storage and integrity keys protecting the fTPM's non-volatile data stored on the BIOS flash chip. The attack consists of a manual parameter determination phase and a brute-force search for a final delay parameter. The first step requires around 30 minutes of manual attention, but it can potentially be automated. The second phase consists of repeated attack attempts to search for the last-to-be-determined parameter and execute the attack's payload.

Once these steps are completed, the attacker can extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms, such as Platform Configuration Register (PCR) validation or passphrases with anti-hammering protection. Interestingly, BitLocker uses TPM as a security measure, and faulTPM compromises the system. Researchers suggested that Zen 2 and Zen 3 CPUs are vulnerable, while Zen 4 wasn't mentioned. The attack requires several hours of physical access, so remote vulnerabilities are not a problem. Below, you can see the $200 system used for this attack and an illustration of the physical connections necessary.

As market share of Apple's ARM based Mac computers has increased, so too have efforts to compromise them by previously uninterested hacker groups. A recent string of malware created specifically for macOS has shown that these groups are turning their gaze toward the generally well protected Mac ecosystem. One of these new malware threats, discovered by Jamf Threat Labs and dubbed 'RustBucket,' acts as a simple third-party PDF viewer. The application itself does nothing malicious until a specific PDF is opened which includes an encoded key that triggers a connection to be made between the attacker's server and the victim's Mac, and a small malicious payload to be downloaded. The initial payload begins running system recon commands to determine the machine information, and then downloads a third stage payload which gives the attackers further access to the underlying operating system. All stages after the user opens the PDF are run silently in the background. The PDF viewer used as the catalyst for this hack does require manually overriding Apple's Gatekeeper as it carries no signature, so the obvious step to mitigate this attack is to not use third-party apps or services aside from those curated on Apple's App Store.

The second macOS malware of the week was discovered by Cyble Research and Intelligence Labs (CRIL) being offered for a paltry $1,000 USD per month on a Telegram channel, with the malware going by the name "Atomic macOS Stealer" or "AMOS." This malware has capabilities to scrape keychain passwords, system information, files from the desktop and documents folders, the macOS user password, browser auto-fills, passwords, cookies, wallets, and stored credit card info. The malware is especially adapted to go after cryptowallets with Cyble citing examples such as Electrum, Binance, Exodus, Atomic, and Coinomi. Cyble notes that they've seen the malware receiving active development to improve its capabilities and the threat actors even offering management software and web panels for keeping track of victimized machines, all with a logging system that dumps to Telegram. The current attack vector is a simple Golang.dmg file which installs the malware, so this does appear to require direct machine access. However once installed, "AMOS" does its handiwork without detection and sends a compressed file off to the attacker's server with all the information it collected.