Cybersecurity

A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT 27 groups.

"Modern consumers have come to imagine the internet as something unseen in the atmosphere – an invisible “cloud” just above our heads, raining data down upon us. Because our devices aren’t tethered to any cables, many of us believe the whole thing is wireless, says Starosielski, but the reality is far more extraordinary..."

The vulnerabilities, which have been patched, may have novel appeal to attackers as an avenue to compromising phones.

An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history.

'The intuition was to take the complexity and push it onto the user,' Moxie Marlinspike says at Black Hat. 'We were just wrong.'

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.

Tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5), the flaw was discovered by IOActive Enrique Nissim and Krzysztof Okupski, who named privilege elevation attack 'Sinkclose.'

Full details about the attack will be presented by the researchers at tomorrow in a DefCon talk titled "AMD Sinkclose: Universal Ring-2 Privilege Escalation."

• CVE-2023-31315
• AMD-SB-7014