{"id":52456,"date":"2021-11-30T17:39:25","date_gmt":"2021-11-30T13:39:25","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=52456"},"modified":"2021-12-07T11:47:05","modified_gmt":"2021-12-07T07:47:05","slug":"news-you-mightve-missed-november-2021","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/news-you-mightve-missed-november-2021\/","title":{"rendered":"News You Might&#8217;ve Missed.  November 2021"},"content":{"rendered":"<p>What's new this month in the news for MSPs? New optimized Azure virtual machines from Microsoft; legal pressure allegedly making BlackMatter gang go dark; fake cybersecurity warnings out after hacker accesses FBI server; and Emotet botnet gets resurrected.<!--more--><\/p>\n<p>Let's see what it's all about.<\/p>\n<h2>New Optimized Azure Virtual Machines from Microsoft<\/h2>\n<p>Microsoft is bringing <a href=\"https:\/\/siliconangle.com\/2021\/11\/02\/microsoft-debuts-new-azure-virtual-machines-optimized-confidential-computing\/\" target=\"_blank\" rel=\"noopener noreferrer\">two more sets of virtual machines to its Azure public cloud this month<\/a>. They are designed specifically for confidential computing, a popular method of improving the security of enterprise applications.<\/p>\n<p>This cybersecurity method allows a server\u2019s CPU to create an isolated data environment from a part of the onboard memory. Only the software using this data can access it. Neither the cloud operator that owns the server nor the operating system running on it can access, read, or change the data.<\/p>\n<p>The first set of new virtual machines for confidential computing is dubbed DCdsv3 and uses Intel Xeon server processors. Previous virtual machines are known as the DCasv5 and ECasv5 families, and are based on Advanced Micro Devices silicon.<\/p>\n<p>These new servers use a technology called SGX, which ships with Intel\u2019s third-generation Xeon server processors. 
One of its most significant upgrades is to the Enclave Page Cache, which helps store the code and data that an app will use in a confidential computing workflow.<\/p>\n<p>Another new feature lets an organization encrypt each virtual machine\u2019s memory with an individual encryption key using Intel Total Memory Encryption - Multikey, which enables always-on encryption and protects against other tenants residing on the same node.<\/p>\n<p>The other new set of VMs launched this month is based on AMD Epyc 7003 chips. AMD introduced these chips earlier this year, and they are the latest in its seven-nanometer Zen 3 core design. They contain approximately 64 cores, which run up to 128 processes in total. On average, they provide 19% more instructions per cycle than their predecessors.<\/p>\n<p>Microsoft\u2019s new virtual machines use the SEV-SNP technology that AMD builds into the Epyc 7003 series to create confidential computing environments. Microsoft plans to make all of its confidential virtual machines available as an infrastructure option in the Azure Kubernetes Service.<\/p>\n<h2>Legal Pressure Allegedly Making BlackMatter Gang Go Dark<\/h2>\n<p>The BlackMatter group that emerged from the remains of DarkSide seems to be shutting down again. 
According to its website, the group is closing down operations because of mounting pressure from law enforcement authorities.<\/p>\n<p>\u201cDue to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) - the project is closed,\u201d reads the message, which VX-Underground <a href=\"https:\/\/twitter.com\/vxunderground\/status\/1455750066560544769\" target=\"_blank\" rel=\"noopener noreferrer\">posted to its Twitter<\/a> in Russian and English.<\/p>\n<p>The ransomware group, which offers ransomware-as-a-service (RaaS), will let its systems keep communicating with businesses by mail for additional information. It also said in its message that it would let its partners continue to get its ransomware decryptors.<\/p>\n<p>The group\u2019s move was likely forced by law enforcement. What\u2019s more, it follows REvil\u2019s announcement that it was shutting down last month after being hacked by a multi-country law enforcement operation.<\/p>\n<p>Many are still skeptical, especially since BlackMatter is a rebranded version of the DarkSide ransomware group known for the Colonial Pipeline attack.<\/p>\n<p>While the group hasn\u2019t said what \u201clatest news\u201d refers to in its website message, many believe it is related to Europol\u2019s <a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/12-targeted-for-involvement-in-ransomware-attacks-against-critical-infrastructure\" target=\"_blank\" rel=\"noopener noreferrer\">arrest of 12 people<\/a> reportedly involved in \u201cwreaking havoc across the world with ransomware attacks against critical infrastructure.\u201d<\/p>\n<p>BlackMatter first appeared in July and very quickly made its presence known. 
In September, it conducted three attacks, against two farming co-ops in the US (the NEW Cooperative in Iowa and Crystal Valley in Minnesota) and the Japanese tech giant Olympus.<\/p>\n<p>Many believe that history may repeat itself, and BlackMatter\u2019s remaining members will probably reorganize and begin their activities anew under a different name.<\/p>\n<h2>Fake Cybersecurity Warnings Out After Hacker Accesses FBI Server<\/h2>\n<p>The Federal Bureau of Investigation\u2019s external email system was compromised by hackers earlier this month, resulting in thousands of fake warning emails being sent to people and companies. According to the FBI, the hackers distributed the fake emails from its Law Enforcement Portal system, which is used to communicate with state and local officials. The portal is not part of the FBI\u2019s more extensive corporate email service.<\/p>\n<p>Cybersecurity professionals close to the situation say that the absence of infected attachments in the emails could mean the hackers stumbled on the vulnerability in the portal by accident, with no plan to exploit it.<br \/>\nThe <a href=\"https:\/\/twitter.com\/spamhaus\/status\/1459452609979371520\" target=\"_blank\" rel=\"noopener noreferrer\">Spamhaus Project<\/a>, an international watchdog that tracks spam and related cyber-threats, such as botnets, malware, and phishing campaigns, posted a copy of the alleged spam email on its Twitter account.<\/p>\n<p>According to the post, the subject line was: \u201cUrgent: Threat actor in systems.\u201d The email portrayed itself as a warning from the Department of Homeland Security about a cyberattack. The hackers scraped the email addresses from the database of the American Registry for Internet Numbers (ARIN), a nonprofit that manages the distribution of Internet addresses for North America.<\/p>\n<p>The emails referenced an international hacking group known as the Dark Overlord, which allegedly steals data in order to demand significant ransoms for its return. 
The group reportedly stole episodes of Netflix shows in 2017, and students\u2019 records in several US states.<\/p>\n<p>Cybersecurity professionals say it could have gone much worse, and the FBI most likely dodged the bullet.<\/p>\n<h2>Emotet Botnet Gets Resurrected<\/h2>\n<p>The Emotet botnet was once referred to as \u201cthe world\u2019s most dangerous malware.\u201d It has reportedly returned and is being installed 
on Windows computers by the TrickBot malware.<\/p>\n<p>The name Emotet denotes both the malware and the botnet used to deliver it. It used to be a regular news item, due to its many malware campaigns and, finally, a US Department of Homeland Security (CISA) warning. Up to July of this year, the botnet had been silent since 2020.<\/p>\n<p>This time around, the malware is back through the TrickBot botnet. TrickBot is another botnet, which Microsoft thought it had taken down in October 2020. According to researcher Luca Ebach from the German cybersecurity firm G Data, Emotet is installed on targeted systems using TrickBot.<\/p>\n<p>Emotet\u2019s return was also detailed by the <a href=\"https:\/\/isc.sans.edu\/diary\/28044\" target=\"_blank\" rel=\"noopener noreferrer\">Internet Storm Center<\/a>. The Emotet malware is spread through malicious attachments, such as Excel, Word, and Zip files.<\/p>\n<p>Experts say its return was not unexpected. While some successes have halted operations for a while, the halt doesn\u2019t usually last.<\/p>\n<h2>That's a Wrap for News You Might've Missed<\/h2>\n<p>I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next month for more highlights.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What&#8217;s new this month in the news for MSPs? 
New optimized Azure virtual machines from Microsoft; legal pressure allegedly making BlackMatter gang go dark; fake cybersecurity warnings out after hacker accesses FBI server; and Emotet botnet gets resurrected.<\/p>\n","protected":false},"author":84,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,885],"tags":[],"class_list":["post-52456","post","type-post","status-publish","format-standard","hentry","category-blog-articles","category-other"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/52456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=52456"}],"version-history":[{"count":2,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/52456\/revisions"}],"predecessor-version":[{"id":52458,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/52456\/revisions\/52458"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=52456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=52456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=52456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}