“The simple reality is there are so many 0-day exploits for iOS,” Stefan Esser, a security researcher who specializes in iOS, wrote on Twitter. “And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.”
Thus far, no attacks actually utilizing Spectre and Meltdown have been spotted in the wild, beyond proof-of-concept work submitted by researchers. Similarly, taking advantage of MDS is trickier than this website implies. Attackers can’t directly control what’s in the buffers they target, for example, which means the exploit may leak old, stale data of no interest. Microcode updates for systems with Sandy Lake through Kaby Lake CPUs have already shipped out to customers. First-generation-and-following Coffee Lake and Whiskey Lake CPUs are immune to this attack already.
Recruiting and maintaining a cybersecurity workforce is a complicated challenge for the government. According to the Information System Security Certification Consortium, 85 percent of cybersecurity professionals would consider leaving their current jobs. Information technologists do not need to search for positions that are exciting, respect their expertise, help them become more marketable and pay well because as many as 18 percent of non-active job seekers are contacted daily by employers seeking them out.
Officials hammered out a set of non-binding proposals published at the end of a two-day meeting organized by the Czech government to discuss the security of new 5G networks. The meeting comes amid a simmering global battle between the U.S. and China's Huawei, the world's biggest maker of network infrastructure equipment. The U.S. has been lobbying allies to ban Huawei from 5G networks over concerns China's government could force the company to give it access to data for cyberespionage.
A new Pentagon report said that China uses "cyber theft" and other methods to bolster its military, which the report claims will continue to grow rapidly. "China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals' access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches," it said.
Senior administration officials said during a call with reporters that the order will create a rotational program for cybersecurity staffers within the federal government to let them work at different agencies and pick up new skills. And they said that other measures in the order, like creating a “President’s Cup Cybersecurity Competition” for cybersecurity, will ultimately improve the quality of cybersecurity staffers in both the government and in the private sector.
World Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong passwords. It seems like we all have even more passwords with each passing year, though, and there are some conflicting ideas of what password best practices are, which makes the idea of password security more challenging for the average individual.
With technology becoming a cornerstone of how many schools operate, the risks of getting hacked multiply, and defending against cyber attacks becomes an important part of any strategic plan. A new report from the IBM X-Force finds attackers are drawn to the education sector owing to the sensitive nature of some emerging research projects and personally identifiable information on students, faculty and organizations associated with universities and schools.
In recent years, the U.S. and its allies have gotten less afraid of attributing cyberattacks to adversaries like Russia, Iran and North Korea, but their attempts to punish those online aggressions are far less united, according to Rob Strayer, the State Department’s deputy assistant secretary for cyber and international communications and information policy.
U.S. energy regulators are pursuing a risky plan to share with electric utilities a secret "don't buy" list of foreign technology suppliers, according to multiple sources. The move reflects the federal government's growing concern that hackers and foreign spies are targeting America's vital energy infrastructure. And it's also raised new questions about the value of top-secret U.S. intelligence if it can't get into the hands of power industry executives who can act on it to avoid high-risk vendors.