1.
Open Source Insight:
Meltdown, Spectre Security Flaws “Impact Everything”
Fred Bals | Senior Content Writer/Editor

2.
Cybersecurity News This Week
Welcome to 2018, with two major security flaws revealed that makes any
computer device that has chips from Intel, AMD and ARM at risk. One
security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling
enabling bad guys to steal passwords. The other security flaw, Spectre,
impacts chips from all three companies. During an interview with CNBC
covered by Reuters, Intel’s chief executive noted that “Phones, PCs,
everything are going to have some impact, but it’ll vary from product to
product.”
In other cybersecurity news, we look at 10 open source technologies you
need to know about, cybersecurity predictions for 2018, and an interesting
white paper published by the University of Michigan on identifying
cybersecurity threats in connected vehicles.

3.
• Today's CPU Vulnerability: What You Need
to Know
• Meltdown, Spectre: What We Know About
the Major Cyber Security Flaws and How to
Protect Yourself
• Cyber Security Predictions 2018
• Reshaping Automotive Design
• Threat Identification Tool for Cybersecurity
in Self-Driving Cars
Open Source News

4.
More Open Source News
• Assessing Risk: Identifying and Analyzing
Cybersecurity Threats to Automated Vehicles
• Containers and the Question of Trust
• 10 Open Source Technologies You’ll Need to Know
in 2018
• Zealot Loads Cryptocurrency Miner on Linux,
Windows Machines
• Is Breach of the GPL License Breach of Contract?

5.
via Google Security blog: Last year, Google’s Project
Zero team discovered serious security flaws caused by
“speculative execution,” a technique used by most modern
processors (CPUs) to optimize performance. These
vulnerabilities affect many CPUs, including those from AMD,
ARM, and Intel, as well as the devices and operating systems
running on them.
Today's CPU Vulnerability: What You Need to Know

6.
Meltdown, Spectre: What We Know About the Major
Cyber Security Flaws and How to Protect Yourself
via Newsweek: The discovery of massive cyber security flaws
affecting nearly every computer and device has sent developers
across major platforms around the world racing to roll out fixes
for the bugs.

7.
via ITProPortal: 2017 was certainly a year
to be noted for cyber-attacks and 2018 is
going to be equally scorching. Expect
more devastating cyber attacks aimed at
businesses and even mobile phones next
year.
Cyber Security Predictions 2018

8.
Reshaping Automotive Design
via Semiconductor Engineering: In markets such as mobile
phones or computers, if any part of a system failed, it typically was
patched with software and replaced in the next rev of a product,
which usually was sometime in the next few years. But with safety
critical markets, such as automotive, industrial or medical, these
parts need to function reliably for 10 to 15 years.

9.
via Phys Org: Hypothetical scenarios—posited in a
new white paper by University of Michigan researchers
working with Mcity—illustrate the breadth of the
cybersecurity challenges that must be overcome before
autonomous and connected vehicles can be widely
adopted. While every new generation of auto tech brings
new security risks, the vulnerabilities that come along with
advanced mobility are both unprecedented and under-
studied, the paper states.
Threat Identification Tool for Cybersecurity in
Self-Driving Cars

10.
Assessing Risk: Identifying and Analyzing
Cybersecurity Threats to Automated Vehicles
via University of Michigan: Driverless vehicles will be at
least as vulnerable to all the existing security threats that
regularly disrupt our computer networks. That could
include data thieves who want to glean personal and
finance information, spoofers who present incorrect
information to a vehicle, and denial-of-service attacks that
move from shutting down computers to shutting down
cars.

11.
via SC Magazine: Existing software
development and security methodologies may
need to be modified to better support a new way
of developing, running, and supporting
applications made possible by containerization
says Black Duck technical evangelist, Tim
Mackey.
Containers and the Question of Trust

12.
10 Open Source Technologies You’ll
Need to Know in 2018
via Datamation: In Black Duck's 2017 Open Source 360° Survey, 77
percent of enterprises surveyed said they use open source to build
internal applications, 69 percent said that they use it to create
customer applications and 69 percent said that open source powers
their infrastructure. And 48 percent of those surveyed said that the
number of people in their organizations contributing to open source
is increasing.

13.
via Linux Insider: The increased use of open
source applications and the growing popularity of
cryptocurrency have created more opportunities for
bad actors, according to Mike Pittenger, vice
president of security strategy at Black Duck
Software.
Zealot Loads Cryptocurrency Miner on Linux,
Windows Machines

14.
Is Breach of the GPL License
Breach of Contract?
via Black Duck blog (Michael Riskin, Associate, Intellectual
Property, Fenwick & West LLP): While courts have found that breach
of an open source license can result in IP infringement, until now courts
had not definitively ruled whether breach of an open source license is a
breach of a contract.

15.
Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.