Cybersecurity Brief: Coalition for Secure AI and AMD Chips Vulnerable to SMM Bypass

Learn more about how we can help your business prevent attacks like this
https://hubs.ly/Q02JyH5Q0
Pentest ROI Calculator: https://hubs.ly/Q02wBB5d0

The Coalition for Secure AI (CoSAI) is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development.

Learn more here: https://www.coalitionforsecureai.org/

0.0.0.0 Day

A newly discovered critical vulnerability, dubbed "0.0.0.0 Day," exposes a flaw in how major web browsers handle network requests, allowing malicious websites to exploit local services on macOS and Linux devices. The vulnerability, which has existed since 2006, can enable remote code execution by manipulating the IP address 0.0.0.0. This issue affects Google Chrome, Mozilla Firefox, and Apple Safari, but not Windows, due to Microsoft's IP address block. Web browsers plan to block access to 0.0.0.0 to mitigate the risk.

More reading: https://thehackernews.com/2024/08/000...

AMD SinkClose Vulnerability

AMD has issued firmware updates to mitigate the "SinkClose" vulnerability, a nearly two decade-old silicon-level flaw in its EPYC and Ryzen processors. This vulnerability affects the System Management Mode (SMM) and could allow attackers with kernel-level access to implant near-impervious malware. Discovered by IOActive researchers, the flaw resembles a previous Intel vulnerability, making it extremely challenging to fix on improperly configured systems. AMD has released mitigations, emphasizing the sophisticated nature of potential attacks exploiting this flaw.

More reading: https://www.darkreading.com/remote-wo...

00:00 Introduction
00:51 The Coalition for Secure AI (CoSAI)
03:58 0.0.0.0 Day
13:50 Outro