Brace yourself for a flood of patches in all of your tech gadgets

On April 7, Anthropic unveiled its most powerful AI model to date. Mythos, it said, will help companies discover vulnerabilities and implement fixes in software models, surpassing “all but the most skilled humans.”

Now the patching from that analysis is about to get underway. And people who ignore the updates could find themselves under siege by hackers.

Mythos, Anthropic said, found coding weak spots in every operating system and web browser, some of which had been lying in wait for decades. One flaw in OpenBSD, which was designed with security top of mind, had apparently been hidden deep in the code for 28 years.

To ward off a possible feeding frenzy from hackers, who exploit weak spots in code, Anthropic has given 40 major tech companies—including Apple, Google, and Amazon—early access to Mythos, letting them identify and fix any previously unknown backdoors.

That means your devices are going to alert you to update them. While it’s easy to convince yourself to put that off for a few hours or a day or more, this is a time you’ll want to update as soon as you get the notification.

Patches fix the problem, but those fixes can also be reverse engineered by hackers to learn the source of the vulnerability. And, knowing that people are lazy when it comes to system updates, bad actors will work quickly to find a way to exploit those weaknesses in unpatched systems.

A critical time for security

The discovery of several new vulnerabilities in operating systems, web browsers, and more comes at an especially delicate time. Since the U.S. began “major combat operations” against Iran in late February, authorities have warned of an expected online counterattack by state-sponsored hackers.

So far, the U.S. hasn’t seen the sort of activity that some feared, but hacker groups have managed to land some blows. Medical equipment maker Stryker, for instance, saw a global outage across its system. FBI Director Kash Patel saw his personal email compromised. And the Iran-linked Handala claimed last month to have published the personal data of dozens of Lockheed Martin employees stationed in the Middle East.

Some experts say bigger attacks could still be looming.

“Early-stage cyber activity tends to prioritize disinformation generation, intelligence collection, access development, and operations that directly support military objectives,” says Matt Hull, VP of cyber intelligence and response at NCC Group. “The absence of widely reported incidents should not be interpreted as a lack of activity, but rather as an indication that much of it is occurring below the threshold of public detection.”

What you should do

To protect your personal and/or business devices, you’ll need to be vigilant. That means acting immediately when your device, browser, or software alerts you that an update is available. If you haven’t already enabled auto-updates on your system, this is a good time to do so.

Beyond that, there are several other ways to protect yourself.

Back up your data often. Backups are just good cyber hygiene. Ransomware attacks might hold your data hostage, but if you have an up-to-date copy of that data, it’s much easier to recover.

Get educated.The primary way many hackers worm their way into a system is via phishing emails and malware. Training yourself, or your employees, not to click on unknown links or open attachments can keep those intruders outside the system.

If you’re a business owner, hold regular cybersecurity training events and be sure workers know what to be on alert for.

Pay attention to authentication. This would be a good time to consider updating your passwords, or transitioning to a passkey login, which often uses a facial or fingerprint scan. These work by generating a pair of keys (one public, which is stored in the cloud, and one private, which is stored on the device). If a server is compromised, accounts are still protected, as the hacker won’t have both sets of keys.

Update hardware and software. If you’re still running an old version of Windows or macOS, or have held on to an older PC or smartphone longer than your peers, it might be time to bite the bullet and upgrade. If your device has reached its end-of-life date, that means the manufacturer will not offer any security updates, making you especially vulnerable. Check with either the product’s manufacturer or a third-party site, such as endoflife.date, to see if your device has crossed this threshold.

View the full article