Cybercrime may cost the global economy as much as $6 trillion annually by 2021, and the threats are becoming increasingly sophisticated, a cybersecurity expert said on Friday at a conference focused on threats facing international business. Additionally, cyberattacks are so prevalent that they represent "... the greatest wealth transfer in history...
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
Password managers are the vegetables of the internet. We know they're good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that's been "123456" and "password"--the two most commonly used passwords on the web. The problem is, most of us don't know what makes a good password and aren't about to remember hundreds of them every day.
Drone aircraft used to be prohibitively expensive, but now you can buy a camera-equipped drone that talks to your smartphone for under $100. The US Department of Homeland Security has issued an alert that drones manufactured by Chinese firms might have become a little too accessible. The DHS says much of the data collected by these drones ends up on servers in mainland China where the Chinese government can access it.
Lawmakers moved on a host of bills this week centered around educational technology, including legislation aimed at restoring student privacy, bolstering the nation’s cybersecurity workforce, funding school security and better understanding participation in science and technology-related subjects among underrepresented groups.
Personnel working in cyber must continually look for opportunities to learn, say cyber professionals from across government. During a morning panel discussion on the final day of the AFCEA TechNet Cyber conference in Baltimore, high-ranking officials from the Defense Department, Department of Homeland Security and National Security Agency discussed a wide range of issues concerning the cyber workforce today and tomorrow.
“The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher who specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”
Thus far, no attacks actually utilizing Spectre and Meltdown have been spotted in the wild, beyond proof-of-concept work submitted by researchers. Similarly, taking advantage of MDS is trickier than this website implies. Attackers can’t directly control what’s in the buffers they target, for example, which means the exploit may leak old, stale data of no interest. Microcode updates for systems with Sandy Lake through Kaby Lake CPUs have already shipped out to customers. First-generation-and-following Coffee Lake and Whiskey Lake CPUs are immune to this attack already.
Recruiting and maintaining a cybersecurity workforce is a complicated challenge for the government. According to the Information System Security Certification Consortium, 85 percent of cybersecurity professionals would consider leaving their current jobs. Information technologists do not need to search for positions that are exciting, respect their expertise, help them become more marketable and pay well because as many as 18 percent of non-active job seekers are contacted daily by employers seeking them out.
Officials hammered out a set of non-binding proposals published at the end of a two-day meeting organized by the Czech government to discuss the security of new 5G networks. The meeting comes amid a simmering global battle between the U.S. and China's Huawei, the world's biggest maker of network infrastructure equipment. The U.S. has been lobbying allies to ban Huawei from 5G networks over concerns China's government could force the company to give it access to data for cyberespionage.