07 December 2023
■ New SLAM Attack Steals Sensitive Data from AMD, Future Intel CPUs
The SLAM side-channel attack targets forthcoming CPUs (Intel, AMD, Arm), exploiting hardware features to retrieve root password hashes from kernel memory, posing significant security risks.
■ Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Expert recommendations to prevent AWS token abuse include logging CloudTrail event data, detecting role-chaining events and MFA abuse, and regularly rotating IAM user access keys.
■ ENISA Publishes Threat Landscape Report on DoS Attacks
The ENISA report delves into the motivations, goals, and impacts of DoS attacks, underscoring the necessity for enhanced organizational defenses and robust prevention strategies.
■ Deutsche Wohnen Ruling Set to Drive Up GDPR Fines
A significant ruling establishes that lack of management awareness is not a defense against GDPR violations, potentially increasing fines based on an organization's turnover.
■ Report: UK's Sellafield Nuclear Site Hacked by Groups Linked to Russia and China
The breach detected in 2015 at the Sellafield Nuclear Site may still have unresolved impacts, affecting sensitive activities like radioactive waste handling and monitoring.
■ New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand
Krasue, a newly discovered Linux Trojan, targets telecom companies in Thailand. Its deployment method is unknown; suspected vectors are vulnerability exploitation, brute-force attacks, or fake software packages.
■ US Senator: Govts Spy on Apple, Google Users via Mobile Notifications
Government agencies worldwide allegedly demand mobile push notification records from Apple and Google users, raising concerns about user privacy and surveillance.
■ Navy Contractor Austal USA Confirms Cyberattack After Data Leak
Austal USA, a contractor for the US DoD and DHS, confirms a cyberattack and is currently investigating the scope and impact of the incident.
■ Nissan Investigating Cyberattack and Potential Data Breach
Nissan is probing a cyberattack on its systems in Australia and New Zealand that potentially exposed personal information; investigations are ongoing.