AMD developed Secure Encrypted Virtualization (SEV) to make its cloud services more secure, but even the latest versions of the security feature, SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging), were vulnerable to a software-based attack. This discovery was made by CISPA researcher Ruiyi Zhang, who devised a type of attack called CacheWarp, which, in the worst-case scenario, allows attackers to gain in-depth access to data and even manipulate it. This was not possible with previous attack techniques. According to AMD, the vulnerability has been addressed with an update.

Non-profit cybersecurity center for critical sectors SektorCERT recently revealed that hackers compromised 22 energy organizations in a coordinated attack against Denmark’s critical infrastructure.  SektorCERT noted that as part of the attack in May 2023, the hackers compromised the victim organizations within a few days, making this the largest attack against Danish critical infrastructure to date.  SektorCERT stated that Denmark is constantly under attack,  but it is unusual that one sees so many concurrent, successful attacks against the critical infrastructure.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first Roadmap for Artificial Intelligence (AI), adding to the Department of Homeland Security (DHS) and broader whole-of-government initiative to ensure the secure development and implementation of AI capabilities. CISA's Roadmap for AI outlines different lines of effort, which include responsibly using AI to support the agency's mission, assessing AI systems, protecting critical infrastructure from malicious AI use, and more.

TA402, also known as Molerats and Frankenstein, a pro-Palestinian cyber espionage group focused on compromising government targets in the Middle East, is using a sophisticated initial access downloader. According to Proofpoint researchers, TA402, which has been active for over a decade, is now using a new tool called IronWind. The group used it in three campaigns targeting systems within government agencies throughout the Middle East and Northern Africa.

The US Cybersecurity and Infrastructure Security Agency (CISA) requires US federal agencies to patch five vulnerabilities exploited by attackers to compromise Juniper networking devices. Most of these vulnerabilities are not particularly dangerous on their own, but they can and have been chained together by attackers to enable Remote Code Execution (RCE) on Internet-facing devices. Juniper Networks patched four flaws impacting the J-Web Graphical User Interface (GUI) of Junos OS-powered devices in late August 2023, and advised customers to update their SRX firewalls and EX switches.

Researchers have discovered a new hacking group named "AlphaLock," which presents itself as a "pentesting training organization" that provides training to hackers and then monetizes their services through a dedicated affiliate program. AlphaLock seems relatively sophisticated and active on Telegram, Matrix, and the dark web forum XSS. Their business model is composed of the Bazooka Code Pentest Training and the ALPentest Hacking Marketplace. This article continues to discuss the business model and launch of the AlphaLock group.

Threat actors are targeting publicly accessible Docker Engine Application Programming Interface (API) instances as part of a campaign to co-opt the machines into the OracleIV Distributed Denial-of-Service (DDoS) botnet. According to Cado researchers, the attackers are exploiting this misconfiguration to deliver a malicious Docker container built from an image named 'oracleiv_latest,' containing Python malware compiled as an ELF executable.

Since its inception, the Royal ransomware gang has targeted at least 350 organizations worldwide, with ransom demands exceeding $275 million.  According to the US cybersecurity agency CISA and the FBI, the cybercriminals may be preparing to rebrand their operation.  The group has been active since at least September 2022.  In March 2023, CISA and the FBI issued an alert on the Royal ransomware operation, urging organizations to implement security best practices to protect their environments against Royal and other ransomware attacks.

Researchers have demonstrated for the first time that a large portion of the cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when natural computational errors happen during the establishing of the connection. They used their findings to calculate the private portion of about 200 unique SSH keys they observed in public Internet scans carried out over the past seven years. The researchers believe that keys used in IPsec connections may face the same fate. This article continues to discuss the new attack.