CISO Talk by James Azar
CyberHub Podcast
🚨 Cyber News: GhostRace Attack on CPU, Stanford Ransowmare, 12M Secrets Leaked on GitHub, Patch Tuesday Recap
1×
0:00
Current time: 0:00 / Total time: -14:56
-14:56

🚨 Cyber News: GhostRace Attack on CPU, Stanford Ransowmare, 12M Secrets Leaked on GitHub, Patch Tuesday Recap

Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines

In this episode of the CyberHub Podcast, host James Azar, joined by experts, delves into the latest cybersecurity developments, offering insights and actionable advice.

The episode covers a range of topics, from newly discovered vulnerabilities to major security updates and patches.

Ghost Race: A New Speculative Race Condition Threat

A collaborative effort by IBM and VU Amsterdam University researchers has uncovered a novel data leak vulnerability named "Ghost Race," affecting all major CPU manufacturers. This speculative race condition (SRC) can potentially expose sensitive data, such as passwords and encryption keys, from memory. However, it's important to note that exploitation requires either physical or privileged access, making it a less immediate threat for the general public.

Action Points:

1. Stay informed about developments related to Ghost Race and consider the implications for systems and devices within your network.

2. Emphasize security by design in all projects, ensuring that security measures are integrated from the outset, not just during execution.

Tether Token Seizure and the Rise of Tech Support Scams

In a significant operation, U.S. law enforcement confiscated approximately $1.4 million in Tether tokens linked to tech support scams primarily targeting the elderly. These scams exploit victims with deceptive pop-ups, leading to substantial financial losses.

Action Points:

1. Educate vulnerable populations about the risks of tech support scams and how to recognize them.

2. Report suspicious activities and support victims in seeking assistance and recovering lost assets.

Stanford University Data Breach: A Wake-Up Call

Stanford University revealed a ransomware attack on its Department of Public Safety network, compromising the personal information of 27,000 individuals. The breach underscores the importance of robust cybersecurity measures and timely incident response.

Action Points:

1. If affected, follow Stanford's guidance for securing personal information, such as updating government IDs and monitoring for fraudulent activities.

2. Organizations should review and strengthen their cybersecurity frameworks to prevent similar incidents.

GitHub's Security Lapse: Exposed Secrets

An alarming finding revealed that GitHub users inadvertently exposed nearly 13 million sensitive secrets across public repositories. These include passwords, API keys, and cloud service credentials, posing significant security risks.

Action Points:

1. Review and secure your GitHub repositories, removing or protecting sensitive information.

2. Implement regular audits and use tools to detect and mitigate the exposure of secrets in code repositories.

Patch Tuesday Recap: A Busy Week for Security Teams

The episode wraps up with an overview of the latest patches and security updates from major technology providers, including Microsoft, Apple, Cisco, and more. Notable vulnerabilities addressed range from remote code executions to critical flaws in network and software products.

Action Points:

1. Prioritize and apply the latest patches and updates for your software and hardware to protect against known vulnerabilities.

2. Monitor security advisories from vendors and plan for regular maintenance windows to implement security updates.

In summary, this episode of the CyberHub Podcast offers a comprehensive look at current cybersecurity challenges and practical steps for individuals and organizations to enhance their security posture.

Share

Show Notes and Story Links:

https://www.securityweek.com/major-cpu-software-vendors-impacted-by-new-ghostrace-attack/

https://www.securityweek.com/us-seizes-1-4-million-in-cryptocurrency-from-tech-scammers/

https://www.bleepingcomputer.com/news/security/stanford-data-of-27-000-people-stolen-in-september-ransomware-attack/

https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2024-patch-tuesday-fixes-60-flaws-18-rce-bugs/

https://www.securityweek.com/ics-patch-tuesday-siemens-ruggedcom-devices-impacted-by-45-fortinet-vulnerabilities/

https://www.securityweek.com/fortinet-patches-critical-vulnerabilities-leading-to-code-execution/

https://www.securityweek.com/sap-patches-critical-command-injection-vulnerabilities/

https://www.securityweek.com/adobe-patches-critical-flaws-in-enterprise-products/

Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel!

Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact

******

Listen here: https://linktr.ee/cyberhubpodcast

SubStack:

******

Website: https://www.cyberhubpodcast.com

Youtube: https://www.youtube.com/c/TheCyberHubPodcast

Rumble: https://rumble.com/c/c-1353861

Facebook: https://www.facebook.com/CyberHubpodcast/

Linkedin: https://www.linkedin.com/company/cyberhubpodcast/

Twitter: https://twitter.com/cyberhubpodcast

Instagram: https://www.instagram.com/cyberhubpodcast

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Discussion about this podcast

CISO Talk by James Azar
CyberHub Podcast
Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.