US Unveils New Cybersecurity Strategy to Counter Russia and China

The US State Department has released a new cybersecurity strategy aimed at countering Russia and China's digital influence in the developing world. The strategy, announced by Secretary of State Antony Blinken, seeks to promote a vision of cyberspace that rejects digital repression.  The policy   includes measures that would expose hackers and propagandists, rallys support for a institutions that promotes innovation and competition, and isolates autocratic regimes that control the flow of information. The move comes as the US and other countries seek to promote a more secure and democratic online environment, in the face of increasing cyber threats from Russia and China.

UK Defence Secretary Names Contractor in MoD Hack

UK Defence Secretary Grant Shapps has confirmed that Shared Services Connected Ltd (SSCL) was the contractor running the Ministry of Defence's payroll system that was hacked by China, exposing names, addresses, and bank details of current and former military personnel. China has denied the allegations, calling them "completely fabricated and malicious slanders". The government has launched an investigation and is reviewing SSCL's work across government, with Labour's shadow defence secretary John Healey calling for answers and criticizing the government's response. An eight-point plan has been launched to support and protect those potentially affected, with Secretary Shapps apologizing for the breach, stating that "it should not have happened".

US Deploys Commerce and Communications to Combat Cyber Threats

Secretary of State Anthony Blinken announced that the US government is taking steps to address cybersecurity challenges, including quantum computing, cloud strategies, and generative AI. The government is working to secure sensitive technology hardware and prevent advanced technologies from falling into the wrong hands. Measures include restricting semiconductor exports and partnering with trusted countries to build a secure quantum ecosystem. Additionally, the US is investing in secure infrastructure to connect regions globally and placing trained digital officers in every embassy by the end of the year. However, some cybersecurity professionals have criticized the speech for being overly optimistic and not acknowledging the reality of today's cybersecurity threats.

New 'Pathfinder' Attack Targets Intel CPUs, Leaks Encryption Keys and Data

Researchers have discovered a new Spectre-style attack, dubbed "Pathfinder," that targets high-performance Intel CPUs and can be used to leak encryption keys and data. The attack exploits the branch predictor's Path History Register (PHR) to induce branch mispredictions and execute unintended code paths, exposing confidential data. Demonstrations have shown the method can extract secret AES encryption keys and leak secret images during libjpeg image processing. Intel has acknowledged the attack, stating that previously deployed mitigations for Spectre v1 and traditional side-channels mitigate the reported exploits. No evidence suggests the attack impacts AMD CPUs.