Week in review: Meltdown, Spectre, online tracking, and cryptojacking

Here’s an overview of some of last week’s most interesting news and articles:

Meltdown and Spectre: Data theft hardware bugs affect most modern CPUs
A design flaw in most moder processors can be exploited to allows a program to access the memory of other programs and the OS, as well as allow attackers to trick applications into accessing arbitrary locations in their memory and leaking their secrets. Chip and browser makers are moving to mitigate the risk of attacks.

80% of smartphones will have on-device AI capabilities by 2022
As the smartphone market shifts from selling technology products to delivering compelling and personalized experiences, AI solutions running on the smartphone will become an essential part of vendor roadmaps over the next two years.

Ad targeters exploit browsers’ password managers to track users online
Ad targeters are exploiting browsers’ built-in login managers to covertly collect hashes of users’ email addresses, to be used to track them across the web.

PyCryptoMiner ropes Linux machines into Monero-mining botnet
A Linux-based botnet that has been flying under the radar has earned its master at least 158 Monero (currently valued around $63,000).

What’s next in IT outsourcing? 6 trends to watch
As more companies consider service providers as an extension of their own enterprise, an increasing number are choosing to outsource business functions to trusted partners, especially when it comes to information technology. Here are six trends that will come to the forefront over the coming year, including a growing emphasis on partnerships and a heightened demand for specialization in emerging technologies like IoT and AI.

How to keep your browser and devices safe from cryptojackers
Cryptojacking makes surfing the web similar to walking through a minefield: you never know when you might land on a booby-trapped site. So what can you do to prevent your browsers/devices being hijacked to do the miners’ work?

2018: The year of the NIS Directive
In 2017 the GDPR buzz reached peak intensity, even in the cybersecurity community. It practically drowned out any mentions of another important upcoming EU law: The Network and Information Security (NIS) Directive.

Make 2018 your year of taking password security more seriously
The popularity of passwords as a means of authentication is still not waning, so advice on how to opt for passwords that are hard to guess and crack is always timely.

DHS insider breach resulted in theft of personal info of staff and people involved in investigations
The US DHS Office of Inspector General (OIG) has confirmed that the “privacy incident” discovered in May 2017 resulted in the theft of personally identifiable information of DHS employees and individuals associated with investigations.

Four misconceptions around compensating controls
With GDPR coming into effect in late May, businesses around the world are running out of time to prepare or else risk facing reputation and financial ruin. The best preparation will include companies phasing out the use of compensating controls to ensure proper compliance and the health of their company.

Smart cars need smart and secure IT/OT Infrastructures
IT can fail. It often does. We restart IT, and life goes on. When Operations Technology (OT) fails, the consequence is of a different nature – arguably far more significant and far more serious.

Healthcare organizations and the cloud: Benefits, risks, and security best practices
Ensuring organizations’ sensitive data is being monitored and protected (24/7) is key and having analysts who clearly understand security in the cloud is critical.

Security pros waste 10 hours a week due to inefficient systems
Process and software inefficiencies play a major role in slowing down an organization’s ability to detect and respond to cyber threats.

Building a program for GDPR compliance: Can you answer these key questions?
To realistically achieve GDPR compliance in time for the May 25, 2018 deadline, organizations should first ask themselves several questions.
Cybersecurity in 2018: Three predictions and one hope
As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.

36 fake security apps removed from Google Play
Posing as legitimate security solutions, and occasionally misusing the name of well-known AV vendors like Avast, the apps seemed to be doing the job: they showed security notifications and other messages, warned users about malicious apps, and seemingly provided ways to fix security issues and vulnerabilities.

More about

Don't miss