New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs
Security researchers continue to find ways to attack Intel and AMD processors, and the chip giants over the past week have issued responses to separate research targeting their products. The research projects were aimed at Intel and AMD trusted execution environments (TEEs), which are designed to protect code and data by isolating the protected application or virtual machine (VM) from the operating system and other software running on the same physical system. On Monday, a team of researchers representing the Graz University of Technology in Austria, the Fraunhofer Institute for Secure Information Technology (SIT) in Germany, and Fraunhofer Austria Research published a paper describing a new attack method targeting AMD processors.
Okta’s new security standard to be adopted by Google, Microsoft
Identity and access management (IAM) solutions provider Okta has announced a new, open-source identity security standard for SaaS providers, calling it the Interoperability Profile for Secure Identity in the Enterprise (IPSIE). The new security framework, set to be adopted by Microsoft, Google, Ping Identity, BeyondIdentity, and SGNL among others, is aimed at improving “end-to-end security” for SaaS-based identities. “Okta is determined to get security right and we know the future of the industry rests in not just securing identity, but also having a secure identity standard that is open and available to everyone,” said Arnab Bose, chief product officer for Workforce Identity Cloud at Okta.
USDoD hacker behind National Public Data breach arrested in Brazil
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil’s Polícia Federal in “Operation Data Breach”. USDoD, aka EquationCorp, has a long history of high-profile data breaches where he stole data and commonly leaked it on hacking forums while taunting the victims. These breaches include those on the FBI’s InfraGard, a threat information sharing portal, and National Public Data, where the personal data and social security numbers of hundreds of millions of US citizens were leaked online.
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. Kubernetes is an open-source platform that helps automate the deployment, scaling, and operation of virtual containers – lightweight environments for applications to run in. With Kubernetes Image Builder, users can create virtual machine (VM) images for various Cluster API (CAPI) providers, like Proxmox or Nutanix, that run the Kubernetes environment. These VMs are then used to set up nodes (servers) that become part of a Kubernetes cluster.
Volkswagen monitoring data dump threat from 8Base ransomware crew
The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned.
The extortionists, who first came to light in 2022, posted a warning on their dark web page claiming to have detailed files stolen from Volkswagen, amongst others. The date for the data release was set for September 26 but so far no data has been made public. It may be that this is a false alarm. “The incident is known. The IT infrastructure of the Volkswagen group is not affected. We continue to monitor the situation closely,” a spokesperson told French news site LeMagIT, adding that the business “has been aware of this for some time. It is not something new or surprising.”
Anonymous Sudan DDoS Service Disrupted, Members Charged by US
The US Justice Department on Wednesday announced charges against two Sudanese nationals over their alleged roles in the DDoS attacks launched by Anonymous Sudan. Anonymous Sudan is known for launching highly disruptive DDoS attacks against critical infrastructure, businesses and government organizations around the world. The cybercriminals also offered DDoS attack services to others who wanted to take down websites and online services. The hacker group has taken credit for cyberattacks on ChatGPT, Associated Press, Microsoft, X, and Telegram, among many others.