Channel Futures – The U.S. federal government depends on the private sector to help protect critical infrastructure. That’s no small feat for utilities and companies to accomplish, given the increasing frequency, intensity and variations of attacks from nation states and bad actors. With frustrations running high, the idea of retaliating or attacking pre-emptively inevitably comes to mind. But the idea was tabled in the past due to several restrictive circumstances ranging from legal liabilities to technical difficulties. Now the battlefront is changing again, and so is the technology in the arsenal, reigniting dreams of shifting security from defense to offense.

Decipher – Over the past year, chip makers, operating system vendors, and browser makers have released multiple software updates addressing the two broad classes of flaws—Meltdown and Spectre—which attackers can abuse to access protected areas of a processor’s memory. It is becoming more apparent that side channel attacks affect all microprocessors with the speculative execution feature (which is most of them!), making them more widespread than was originally believed.

CNET – A flaw in a popular electric scooter has added to the list of safety concerns surrounding the devices, which have invaded several US cities in the past year. The Xiaomi M365 is an electric scooter used by some scooter rental companies that contains a flaw that could allow a hacker to take full remote control over the vehicle, including causing the scooter to suddenly accelerate or brake, according to information released Tuesday by security research group Zimperium.

Infosecurity – The European Commission is trying to recall a German-made children’s smart watch model over security concerns that hackers could communicate with or monitor the wearer. It issued a recall notice under the Rapid Alert System for Non-Food Products (RAPEX), claiming the risk level is “serious.” It says that the Safe-KID-One device produced by Hamburg-based Enox Group does not comply with the Radio Equipment Directive and all models should be recalled from end users.

Verdict – The EU has recalled a smartwatch over concerns that a security flaw could let a malicious user locate children wearing the watch, highlighting the danger of manufacturers rushing internet-connected devices to market without paying due diligence to IoT security.

ComputerWeekly – The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations.

Fifth Domain – Renee Beckloff never envisioned that the first part of her cybersecurity career would include an expectation to trace electrical wires while in a skirt. Yet, it was common for her bosses to require her to wear skirts while out of the office, even if it meant bending down awkwardly on a raised floor to seek out wire sources.

TechSpective – 2019 is underway. Two weeks down, fifty to go. Technology continues to evolve rapidly and the threat landscape is constantly shifting. It’s challenging for organizations to try and stay a step ahead of cybercriminals and break out of the cycle of just reacting to the exploit du jour. Cybersecurity experts from IOActive are here to help, though, with insight on what to expect in the year ahead.

techspective – 2019 is underway. Two weeks down, fifty to go. Technology continues to evolve rapidly and the threat landscape is constantly shifting. It’s challenging for organizations to try and stay a step ahead of cybercriminals and break out of the cycle of just reacting to the exploit du jour. Cybersecurity experts from IOActive are here to help, though, with insight on what to expect in the year ahead.

Dark Reading – In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.

It was a year where malicious hackers waged shockingly bold – and, in some cases, previously unimaginable – false flag attacks, crypto-jacking, social engineering, and destructive malware campaigns.