4:00

A cherry on top for memory security.

4:03

The University of Cambridge and

4:05

SRI International originally started the

4:07

Capability Hardware Enhanced Risk Instructions,

4:09

or CHERRY, program in 2010

4:11

to develop hardware that integrated

4:13

memory protection features. Now,

4:15

the University announced it will form the

4:18

CHERRY Alliance with the FreeBSD Foundation, LowRisk

4:21

and SCI Semiconductor in the

4:23

fall, with membership roles open

4:25

now. The Alliance will look

4:27

to drive the adoption of CHERRY technology. In

4:30

the press release announcing the Alliance, the

4:32

group claims that memory issues accounted for

4:34

70% of vulnerabilities used by threat actors.

4:39

Eufy Vulnerability found on Intel

4:41

CPUs. A report from

4:43

Eclipsium details a flaw in Phoenix

4:45

SecureCore Eufy firmware used by Intel

4:47

Motherboards coming as far back as

4:49

2016 across desktop and mobile systems.

4:52

Delightfully dubbed Eufy Can Has Buffer

4:54

Overflow, the flaw comes from an

4:56

unsafe variable in the TPM that

4:58

creates a buffer overflow that could

5:00

be used to execute arbitrary code.

5:03

There's no indication this flaw saw exploitation

5:05

in the wild. Eclipsium

5:07

disclosed the vulnerability, which Phoenix Technologies

5:09

patched in April, but given

5:11

the span of vulnerable devices, many

5:13

likely remain unpatched. Hacking

5:17

Campaign threatens French diplomats. France's

5:20

cybersecurity agency ANSSI issued an

5:22

alert identifying the Russian-linked threat

5:24

actor Nobelium as targeting numerous

5:26

French organizations ranging from the

5:28

Ministry of Culture to foreign

5:31

affairs. The agency detailed

5:33

numerous efforts by Nobelium to disrupt

5:35

the country's foreign missions from attempting

5:37

to install Cobalt Strike on a

5:39

ministry network to compromising a diplomat's

5:41

email to spread misinformation. Overall,

5:44

Nobelium seems focused on capturing strategic

5:46

intelligence. ANSSI warned these

5:48

attacks could facilitate future operations by

5:51

the group and characterized the

5:53

attacks as a national security concern. coming

6:00

up throughout today. It starts off

6:02

with Super Cyber Friday at 1pm

6:05

Eastern, 10am Pacific, talking

6:07

all about hacking generative AI

6:09

anxiety. Head on over to

6:11

our events page at cisoseries.com to register to

6:14

join in on our chat room during the

6:16

event, get all your questions answered, and just

6:18

really enjoy this conversation. Then at 3.30pm

6:20

Eastern, 12.30 Pacific, we have our Week

6:23

in Review show, where we'll be

6:25

breaking down the biggest news of

6:27

the week with perspective and expertise

6:29

from Kraft Ventures CISO Bill Harmer.

6:32

Make sure you're subscribed to our YouTube channel to

6:34

catch the live stream. Reporting

6:36

for the CISO Series, I'm Rich Straffolino,

6:39

reminding you to have a

6:41

super sparkly day. Cybersecurity

6:46

headlines are available every weekday.

6:48

Head to cisoseries.com for the

6:50

full stories behind the headlines.