Cybersecurity

​Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data.

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.

AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.

The vulnerability can be used to deceive a user into inadvertently uploading and integrating incorrect data into the application’s language model.

Cybersecurity and Infrastructure Security Agency urges affected users to update ASAP.

The article says the following:

Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them. This follows a recent security demonstration of TPM key recovery from Microsoft Windows BitLocker being demonstrated. TPM sniffing attacks have also been demonstrated against Linux systems too, thus the additional protections be made with Linux 6.10 to better secure TPM2 modules.

I'm a little confused with this article. Is it talking about implementing TPM parameter encryption? If so, does this mean that the TPM bus prior to kernel v6.10 was unencrypted? Will this kernel feature still require a patch to be made to software like systemd-cryptenroll? Are the sniffing attacks that it's talking about examples of MITM attacks like this? Does windows encrypt the TPM bus?

• Source
• Archive link