Skip to content
Home » Blog » Cyber Bits: March 25, 2024

Cyber Bits: March 25, 2024

This week, the most recent FortiClient EMS exploit has been weaponized, dark web marketplaces were taken down, and unpatchable side-channel vulnerabilities in Apple Silicon.

Links: Bleeping Computer

The FortiClient EMS exploit, CVE-2023-48788, has its first proof of concept created. The exploit allows for remote code execution with SYSTEM privileges by exploiting a weakness and chaining attacks with the packaged SQL database. A word of caution: if you’re running FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), you may want to stop reading this article and add this to your patch management cycle.

Nemesis market seized by German authorities

Links: Bleeping Computer

German authorities Federal Criminal Police Office(BKA) and the Frankfurt cybercrime combating unit (ZIT) announced that infrastructure supporting the Nemesis Market has been seized, interrupting service to its patrons. The marketplace was launched in 2021 and has been supporting various offerings for hacker groups, alongside other items.

Links: Bleeping Computer

A new side-channel attack dubbed “GoFetch” impacts Apple silicon processors, allowing attackers the capability to steal secret cryptographic keys from the processor’s cache. Because this vulnerability is hardware-based, there’s no fix in sight. Apple has been mum on a response, directing inquiries to a section for cryptography on their Apple Developer site.