A bipartisan group of lawmakers on Monday unveiled legislation that would create cybersecurity standards for internet-connected devices, often known as the “internet of things.” The bill, introduced in the Senate by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), would require established standards for government use of the devices.
Fearing that China could be spying on them using power cords and plugs, several U.S. technology companies have asked their Taiwanese suppliers to shift production of some components out of the mainland, Nikkei Asian Review reported on Friday.
No piece of software is perfect, and sometimes vulnerabilities can go undiscovered for a long time. For instance, a WinRAR flaw was out in the open for almost two decades. Google’s latest Chrome bug isn’t that old, but it’s much more dangerous. Google has issued a patch for the vulnerability, but this is a “zero-day” flaw, meaning there are already online troublemakers using the vulnerability to attack Chrome. If you haven’t let Chrome update recently, take the time to do it now.
In a first-of-its-kind report, The State of Cybersecurity: 2018 Year In Review found that K-12 schools suffered at least 122 cybersecurity incidents in 2018, nearly 60 percent of which resulted in personal data being compromised. The K-12 Cybersecurity Resource Center has been tracking K-12 cybersecurity incidents since 2016 using its interactive K-12 Cyber Incident Map.
Chinese hackers singled out over two dozen universities in the US and around the world in an apparent bid to gain access to maritime military research, according to a report by cybersecurity firm iDefense, which was obtained by The Wall Street Journal. The hackers sent universities spear phishing emails doctored to appear as if they came from partner universities, but they unleashed a malicious payload when opened. Universities are traditionally seen as easier targets than US military contractors, and they can still contain useful military research.
The researchers presented their findings in a paper distributed through ArXiv and came to the conclusion that all processors that perform speculative execution will always remain susceptible to various side-channel attacks, despite mitigations that may be discovered in future. It is just over a year since the Meltdown and Spectre flaws were first disclosed. Spectre is a hardware vulnerability that affects microprocessors that can potentially be exploited by malware, which can infiltrate data being processed by the CPU.
Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China.
Nineteen minutes. That’s how long the average victim of a Russian state-sponsored hacking group has to react before the initial penetration of a network becomes wider access, theft, and destruction, according to data published today by computer security company CrowdStrike.