Computer core processors using a "speculative execution" have a "serious security flaw," according to researchers from Google's Project Zero. The speculative execution functionality is "a technique used by most modern processors (CPUs) to optimize performance," according to Google’s Matt Linton, senior security engineer, and Matthew O'Connor, Office of the Chief Technology Officer. The flaws, dubbed "Spectre" and "Meltdown," make aspects of the computer memory vulnerable to cyber attacks.
Hacker
The U.S. government took a vital tangible step toward clearly defining rules of cyber war when the Department of Justice unsealed an indictment on March 15 accusing two operatives of Russia’s Federal Security Service (FSB) and two hired computer hackers of being behind last year's massive cyber breach of Yahoo.
If you can’t beat the hackers, join them—or at least act like them. By hacking a system from within, security experts can identify vulnerabilities and try to stay one step ahead of increasingly sophisticated cyber criminals. Thinking like an attacker cultivates an offensive mindset that leads to streamlined systems that incorporate the best of human skills and automated capabilities to shore up defenses from the inside out.
When we think of cyber attacks, we generally picture a lone wolf hacker or Anonymous-type organization. But foreign governments are also formidable threats. Take a moment to scan the headlines and you’ll see that articles about cyber hacks on Sony Pictures Entertainment and the Democratic National Committee—among many others—have been attributed to North Korea and Russia.
Air gapping is a security measure that isolates a computer or a network so it cannot be accessed or hacked by an external entity. It's a useful technique that adds a security layer for companies and government agencies, especially those handling classified, confidential information often susceptible to hacking attempts. Although air-gapping systems offer extra security, recent malware-based attacks and other threats have created a new set of risks that organizations must manage in unique ways.
The federal government cautioned its agencies and federal contractors of a network vulnerability that could let hackers access systems. The scurry to inform agencies and instruct them to patch for vulnerabilities occurred after the discovery of unauthorized code during a review of Juniper Networks software.
Juniper is one of the largest providers of firewalls and network software, and the Defense Department is one of its larger federal customers. The revelation prompted federal oversight into the incident, including by officials from the Pentagon and the Department of Homeland Security, amid fears that the hack could permit spying of users' networks.
If you thought 2015 was a grueling cybersecurity year, hang on.
“It’s the nightmare waiting to be dreamt,” Bob Hansmann, director of security analysis and strategy for Raytheon-Websense Security Labs says of the next 12 months.
Let’s begin with the 2016 presidential race, which experts predict will launch a slew of new lures and malware intent on defrauding, deceiving and debunking contributors and the candidates and their campaign coffers.
“Candidates and others, even news agencies covering [the race], may be involved as victims targeted by organizations like the Syrian Electronic Army or hacktivists or anyone else with a counter political agenda,” Hansmann warns.
The significant federal government cyberbreach that let hackers swipe the personal data of more than 4 million current and former federal employees has all the trappings of a targeted nation-state attack aimed at gleaning critical information on federal workers; and current cyber protection methods might not be enough to prevent future attacks, one expert says.
Hackers breached computer systems of the Office of Personnel Management (OPM) in December, stealing data including Social Security numbers, job assignments, performance reviews, insurance details and training certificates. Officials detected the breach in April.
On the same day that news headlines implicated Russian hackers in a significant cyber attack and breach on the White House, officials attending a cybersecurity summit Tuesday in the nation’s capital warned of the uptick in the number of nation-state sponsored cyber attacks against the U.S. government and businesses.
The amplification could be worrisome because cybersecurity experts already cannot keep up with, much less get ahead of, the cyber activities that pose a national threat and have risen to the level of a national emergency.
Over the next two days, hackers from across the globe will team up on nearly every continent for the second Random Hacks of Kindness (RHoK) event aimed at finding solutions to real-world problems caused by natural disasters. It's a 48-hour marathon of competitive computer coding with the best and brightest developers in Washington, D.C.; Sydney, Australia; Nairobi, Kenya; London; Jakarta, Indonesia; and Sao Paolo, Brazil.
The recent rash of cyber attacks on major U.S. companies has drawn renewed focus on network vulnerabilities, both in commercial and governmental sectors, and not just on external attackers but on potentially more ominous threats posed by insiders.