Kerry Wan/ZDNETFollow ZDNET: Add us as a preferred source More

Image: Matt Cardy/Getty Images
The Australian government has cancelled the SkyGuardian armed drone program for the Royal Australian Air Force. The funding is being redirected to the newly-announced REDSPICE cybersecurity and intelligence program. REDSPICE, the Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers program, is a flagship component of the federal Budget announced on Tuesday. The program aims to double the staffing levels of the Australian Signals Directorate (ASD) over the next four years, creating some 1,900 new jobs. The total program budget is AU$9.9 billion over the next decade, boosting both offensive and defensive cyber capabilities. “This is the biggest ever investment in Australia’s cyber preparedness,” said Treasurer Josh Frydenberg. However in Senate Estimates on Friday, defence officials confirmed that little of this is new money. Of the AU$9.9 billion total, only AU$4.2 billion is budgeted to be spent over the four-year forward estimates period through to 2025–2026. And of that amount, only around AU$588.5 million is new funding. A big chunk of the existing funding will come from the now-cancelled project AIR 7003, a planned AU$1.3 billion program to develop an armed remotely piloted aircraft system. In November 2019, the government had confirmed that defence’s preferred platform was the General Atomics MQ-9B SkyGuardian, a variant of the Predator B drone known in the UK as the Protector. AIR 7003 had been scheduled for government consideration in the current 2021-22 financial year. According to Asia Pacific Defence Reporter, General Atomics had proposed developing a multi-national service hub in Adelaide. “The company has probably spent around $30 million on the project over a decade and is unlikely to recover a single cent,” wrote editor Kym Bergmann. “The scant information available indicates that Defence Minister Peter Dutton has asked the Department to identify projects that need to be cancelled to free up funds to hire more personnel, particularly in support of the cyber security announcement.” According to defence officials, around AU$10 million had been spent on AIR 7003 before its cancellation. The remainder of REDSPICE funding comes from other cancelled projects. This includes about AU$3 billion of “both unapproved and approved” funding which had been allocated to the now-cancelled Attack-class submarines, the SEA 1000 Future Submarine Program, and around AU$236 million for “an ICT remediation project around modernisation and mobility”. Funds also come from previously planned ASD projects which have now become part of REDSPICE. Witnesses before Estimates on Friday morning were unable to shed any light on where the name REDSPICE came from. Related Coverage More

Screenshot by David Grober/ZDNETFollow ZDNET: Add us as a preferred source More

Industrial networks are among those which are vulnerable to the recently disclosed zero-day in the Log4j2 Java logging library, security researchers have warned. The vulnerability (CVE-2021-44228) was disclosed on December 9 and allows remote code execution and access to servers. Log4j is used in a wide range of commonly used enterprise systems, raising fears that there’s ample opportunity for the vulnerability to be exploited. Within hours of the vulnerability being publicly disclosed, cyber attackers were already making hundreds of thousands of attempts to exploit the critical Log4j vulnerability to spread malware and access networks. Each day on from its disclosure, more is being learned about the flaw and now cybersecurity researchers have warned that it could have significant implications for operational technology (OT) networks which control industrial systems – and for a long time. “Given that Log4j has been a ubiquitous logging solution for Enterprise Java development for decades, Log4j has the potential to become a vulnerability that will persist within Industrial Control Systems (ICS) environments for years to come,” said a blog post by cybersecurity researchers at Dragos. And given how easy it is to exploit the vulnerability, combined with the potentially large number of affected applications, researchers recommend an “assume-breach mentality” and active hunting for post-exploitation activity. Dragos says that it has seen attempted and successful exploitation of the Log4j flaw – and has already coordinated a takedown of one of the malicious domains used in these attacks.

Several cybersecurity researchers have already noted that some attackers are exploiting Log4j to remotely run Cobalt Strike – a penetration testing tool that’s often used in ransomware attacks. Many industrial organisations struggle with visibility into their networks due to their complex nature, but it’s important for those running operational technology to know what their network looks like and counter the possibility of attacks attempting to exploit the vulnerability as a matter of urgency. “It’s important to prioritize external and internet-facing applications over internal applications due to their internet exposure, although both are vulnerable,” said Sergio Caltagirone, vice president of threat intelligence at Dragos, “Dragos recommends all industrial environments update all affected applications where possible based on vendor guidance immediately and employ monitoring that may catch exploitation and post-exploitation behaviors,” he added. Researchers suggest that applying the Log4j patch can help prevent attackers from taking advantage of the vulnerability – although the ubiquitous nature of Log4J means that in some cases, network operators might not even be aware that it’s something in their environment which they have to think about.
MORE ON CYBERSECURITY More

Adam Breeden/ZDNETIn the age of smart TVs, convenience reigns supreme. We can access a world of entertainment with just a few clicks, but this comes at a cost: accumulating cache data. Just like on your phone or computer, a cluttered TV cache can lead to sluggish performance, app crashes, and even hinder new content from loading properly.Also: Don’t buy the wrong TV on Prime Day: 4 things I consider when shopping dealsWhat is a cache?A cache (in any digital device) is a temporary storage area where data is kept for quick access. In your smart TV, the cache stores information from apps, websites, and system processes to help them load faster every time you turn it on. Think of it as a bunch of temporary files intended to speed up loading times for frequently accessed information. For instance, when you open a streaming app, the cache might store thumbnails, login details, or recently watched shows. Caches are designed to help your TV load this content more quickly. But over time, the cache can become overloaded with outdated or unnecessary data, which can consequently slow down your TV’s performance. More