NEWS ANALYSIS: 2018 was another year of challenges of IT security professionals with no shortage of major vulnerabilities, privacy concerns and data breaches to deal with.
As 2018 draws to a close, it’s a good time to reflect on the year that was in cyber-security, to learn from past mistakes and identify trends that will likely continue into the new year.
2018 saw no shortage of major breaches, new critical vulnerabilities and policy changes that enterprise IT organizations will still be grappling with in one form or another in 2019.2018 was the year of Meltdown and Spectre and it was the year that GDPR came into effect. 2018 was also a year of intense security privacy challenges for Facebook and it was also a year in which tens of millions of Americans had their data stolen in large data breaches.
In this year-end wrap-up, eWEEK looks back at some of the top IT security incidents of 2018.
It didn’t take long for the first major IT security issue to be disclosed in 2018. On Jan. 3, the year kicked off with speculation about a major new critical flaw in Intel chips that ended up with the disclosure of the Meltdown and Spectre CPU flaws. The initial Meltdown and Spectre issues involved three identified vulnerabilities (CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715) and impacted all modern processors, including ones from Intel, Advanced Micro Devices and ARM. The flaws abused design features used by silicon vendors, including a capability known as speculative execution and could have potentially enabled attackers to gain access to system memory.
As it turns out, the initial Meltdown and Spectre disclosure in early January were only the tip of the iceberg, with at least seven different variant disclosed over the course of 2018. The most recent Meltdown and Spectre related flaw is known as Foreshadow and was publicly disclosed on Aug. 14. Over the course of 2018, Intel and operating system vendors alike scrambled to keep up with the flow of Meltdown and Spectre patches, leading to one of the top Linux kernel developers to openly criticize Intel’s handling of the disclosure.
„This was not good. Intel really messed up on this,“ Linux kernel maintainer Kroah-Hartman said at an event in August.
