Phoenix Technologies' SecureCore UEFI firmware solution has a high-severity vulnerability that could affect hundreds of PC and server models using Intel processors. Researchers at Eclypsium discovered the vulnerability called "UEFIcanhazbufferoverflow," using an automated analysis system. A local attacker can escalate privileges and execute arbitrary code in UEFI firmware during runtime using the security hole. Eclypsium warned that the Black Lotus UEFI rootkit may exploit this vulnerability.

Two men from New York and Rhode Island have recently pleaded guilty to hacking into a database maintained by a US federal law enforcement agency and using stolen personal information to extort people.  The Department of Justice (DoJ) said Sagar Steven Singh, 20, and Nicholas Ceraolo, 26, were part of an extortion group called Vile, which sought to harvest personal information and then post or threaten to post it on a public website, an action referred to as doxing.  Victims were then asked to pay the miscreants to have their personal information removed from the website.

Due to the many features of Internet-connected gym machines, IBM X-Force Red researchers decided to explore their user data security and whether there was any risk to users' physical safety. The team researched smart treadmills from Precor, a leading fitness equipment brand with over 143,000 machines containing Internet-connected consoles. Using an exposed SSH key pair, the researchers gained root-level access to three console versions and showed that treadmill belts can be stopped remotely, which could harm users.

The cyber espionage actor "UNC3866," linked to the zero-day exploitation of Fortinet, Ivanti, and VMware security flaws, uses multiple persistence mechanisms to maintain access to compromised environments. According to Mandiant researchers, the persistence mechanisms involved network devices, hypervisors, and Virtual Machines (VMs). The adversary has exploited zero-day flaws impacting Fortinet FortiOS, VMware vCenter, and VMware Tools to deploy backdoors, steal credentials, and more. This article continues to discuss findings regarding UNC3886 espionage operations.

The cryptocurrency exchange Kraken has revealed that alleged security researchers stole $3 million in cryptocurrency using a zero-day website bug. Chief Security Officer Nick Percoco disclosed that the exchange's security team received a vague bug report about an "extremely critical" flaw. It enabled anyone to artificially increase a Kraken wallet's balances. Kraken investigated the report and found a bug that allowed attackers to initiate deposits and receive funds even if the deposit failed.

Broadcom has addressed three VMware vCenter vulnerabilities, two of which are critical and enable Remote Code Execution (RCE). Hackers continue to target Virtual Machines (VMs) due to their rich repositories of sensitive data and applications. VMware vCenter is the central management console for VMware virtual environments, viewing and managing VMs, multiple ESXi hosts, and all dependent components. Heap overflow vulnerabilities were found in vCenter's Distributed Computing Environment/Remote Procedure Call (DCERPC) implementation.

New guidance from the Chartered Institute of Information Security (CIISec) advises employers to reach candidates outside traditional channels. The "Recruitment and Retention in Cybersecurity" report, written with ISC2, notes that while the global cybersecurity workforce reached a record 5.5 million last year, the skills shortfall increased by 12.6 percent. This challenge can be addressed in several ways, including by recruiting young talent in gaming centers. This article continues to discuss suggestions regarding recruitment and retention in the cybersecurity field.

AMD has launched an investigation after a well-known hacker announced the sale of sensitive data that allegedly belonged to the company. The hacker known as "IntelBroker" announced on the BreachForums cybercrime forum that he was selling the AMD data, which allegedly includes information about future AMD products, customer and employee databases, datasheets, source code, property files, firmware, and financial documents. The employee database allegedly contains information such as names, job roles, phone numbers, and email addresses.

Researchers at Recorded Future warn that cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware. The threat actor behind this operation targets both Windows and Mac users, using social media and messaging platforms to trick them into installing the malicious apps. This article continues to discuss how cryptocurrency users are getting tricked into downloading the malware.

The US and Indonesia recently conducted their first port-focused cybersecurity tabletop exercise to improve responses to cyberattacks on critical maritime infrastructure. According to the US Department of Homeland Security (DHS), the exercise simulated major cyber incidents and ransomware attacks on port operations, ship-to-shore cranes, and other aspects of maritime activity. This article continues to discuss the port-focused cybersecurity tabletop exercise and the importance of combating cyber threats in the maritime environment.