Citrix Systems is targeted in a state-sponsored cyber attack seeking government secrets. Meanwhile, the U.S. is struggling to find the security talent it needs in government. And why you might want to avoid the temptation to use your smartphone as a car key.
The Iridium hacking group launched two cyber attacks against Citrix Systems and extracted terabytes of data, NBC News reports. The hacker group is linked to Iran, and the suspicion is they are after the U.S. government data that Citrix holds. The firm counts the White House, the U.S. military, and the FBI among its clients. Cyber security firm Resecurity uncovered the attack, notifying Citrix and law enforcement. Citrix released a statement that they’d been informed by the FBI that they were under attack. They also confirmed that hackers “may have accessed and downloaded business documents.” But also say there’s no evidence that any Citrix product was compromised. Resecurity tells a different story, saying hackers may have infiltrated Citrix’s network a decade ago and lurked there ever since. The ultimate goal is likely to gain direct access to the internal networks of the U.S. government.
U.S. President Donald Trump made a promise to improve cyber security when he took office, but did he? Not in the opinion of three-quarters of digital security experts, according to a poll from the Washington Post. To improve the situation, the U.S. government is turning to a new strategy – training cyber security talent instead of trying to recruit it. The Cyber Reskilling Academy is a program that will retrain current federal employees to defend against hackers. Given that there’s currently 285,000 vacant cyber security jobs in the U.S. federal government, they’d better get started soon. In Canada, the cyber security strategy released by the federal government last June also acknowledge the talent shortfall. It suggests encouraging graduates from both technical and arts disciplines to specialize in cyber security skills. This would provide a wide variety of backgrounds collaborating together on shoring up security shortfalls.
Turning down a different road now, researchers have discovered security flaws in three different car alarms. Alarm makers Clifford, Viper, and Pandora are used in more than 3 million vehicles. That’s bad news for those owners, because security researchers were able to exploit bugs. This allowed them to turn on the car alarm, unlock the doors, and even start the engine. Most of the problems the researchers found related to access control problems. Once you had a user account with the alarm’s mobile app, there were ways to change the passwords of other users. It just goes to show that sometimes, the most secure thing to do is to not use connected technology. Car keys have worked pretty well for the past century, maybe we should just stick with them.