Episode Transcript
4:00
A cherry on top for memory security.
4:03
The University of Cambridge and
4:05
SRI International originally started the
4:07
Capability Hardware Enhanced RISC Instructions,
4:09
or CHERI, program in 2010
4:11
to develop hardware that integrated
4:13
memory protection features. Now,
4:15
the University announced it will form the
4:18
CHERI Alliance with the FreeBSD Foundation, lowRISC
4:21
and SCI Semiconductor in the
4:23
fall, with membership roles open
4:25
now. The Alliance will look
4:27
to drive the adoption of CHERI technology. In
4:30
the press release announcing the Alliance, the
4:32
group claims that memory issues accounted for
4:34
70% of vulnerabilities used by threat actors.
4:39
UEFI vulnerability found on Intel
4:41
CPUs. A report from
4:43
Eclypsium details a flaw in Phoenix
4:45
SecureCore UEFI firmware used by Intel
4:47
motherboards coming as far back as
4:49
2016 across desktop and mobile systems.
4:52
Delightfully dubbed UEFIcanhazbufferoverflow,
4:54
the flaw comes from an
4:56
unsafe variable in the TPM that
4:58
creates a buffer overflow that could
5:00
be used to execute arbitrary code.
5:03
There's no indication this flaw saw exploitation
5:05
in the wild. Eclypsium
5:07
disclosed the vulnerability, which Phoenix Technologies
5:09
patched in April, but given
5:11
the span of vulnerable devices, many
5:13
likely remain unpatched. Hacking
5:17
campaign threatens French diplomats. France's
5:20
cybersecurity agency ANSSI issued an
5:22
alert identifying the Russian-linked threat
5:24
actor Nobelium as targeting numerous
5:26
French organizations ranging from the
5:28
Ministry of Culture to foreign
5:31
affairs. The agency detailed
5:33
numerous efforts by Nobelium to disrupt
5:35
the country's foreign missions from attempting
5:37
to install Cobalt Strike on a
5:39
ministry network to compromising a diplomat's
5:41
email to spread misinformation. Overall,
5:44
Nobelium seems focused on capturing strategic
5:46
intelligence. ANSSI warned these
5:48
attacks could facilitate future operations by
5:51
the group and characterized the
5:53
attacks as a national security concern. coming
6:00
up throughout today. It starts off
6:02
with Super Cyber Friday at 1pm
6:05
Eastern, 10am Pacific, talking
6:07
all about hacking generative AI
6:09
anxiety. Head on over to
6:11
our events page at cisoseries.com to register to
6:14
join in on our chat room during the
6:16
event, get all your questions answered, and just
6:18
really enjoy this conversation. Then at 3:30pm
6:20
Eastern, 12:30 Pacific, we have our Week
6:23
in Review show, where we'll be
6:25
breaking down the biggest news of
6:27
the week with perspective and expertise
6:29
from Craft Ventures CISO Bill Harmer.
6:32
Make sure you're subscribed to our YouTube channel to
6:34
catch the live stream. Reporting
6:36
for the CISO Series, I'm Rich Stroffolino,
6:39
reminding you to have a
6:41
super sparkly day. Cybersecurity
6:46
headlines are available every weekday.
6:48
Head to cisoseries.com for the
6:50
full stories behind the headlines.