Tag Archive for: development

White House to discuss software development with tech executives, calling it ‘key national security concern’


The January discussion between tech executives and White House officials is needed because open-source software is widely used but is maintained by volunteers, making it “a key national security concern,” Sullivan said in a letter to tech firms, excerpts of which the White House shared with reporters.

Invitees include software development firms and cloud service providers, according to the White House. A National Security Council spokesperson declined to say which companies had been invited.

The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to log data in their applications.

Ransomware gangs and hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the flaw as tech firms and government agencies have raced to apply software patches.

The US Cybersecurity and Infrastructure Security Agency, which has said that hundreds of millions of devices could be exposed to the vulnerability, issued an “emergency directive” on December 17 ordering federal civilian agencies to update their systems.

An agency spokesperson told CNN on Thursday that there is no indication that any agency has been hacked using the vulnerability in Log4j.

While no US agencies have confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media outlets this week that it had shut down parts of its computer network in response to a hack using the flaw.

Cybersecurity executives have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.

While the world’s richest companies rely on it, the Log4j software is maintained by a group of volunteers at the nonprofit Apache Software Foundation, who have worked long hours to address the flaw.

The vulnerability in Log4j “will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” said Amit Yoran, the CEO of the Maryland-based security firm Tenable.

It’s precisely that dearth of investment in critical software that the White House wants to address.

President Joe Biden in May…


Solana on-chain development increases after a recent DDoS attack


Solana — whose native crypto, SOL, is the fifth-largest cryptocurrency by market capitalization — is leading on-chain development charts despite a recent distributed denial-of-service (DDoS) attack.

As per Santiment data, Solana surpassed the daily GitHub submission rates of Polkadot and Cardano to become the leading blockchain over the past month. The number of daily GitHub submissions for Solana reached 90 between Nov. 12 and Monday, followed by Polkadot at 76 and Cardano at 65.

Figure: Daily GitHub submissions for Bitcoin, Solana, Cardano and Polkadot from Nov. 12–Dec. 13, 2021. Source: Santiment

The surge in on-chain development activity for Solana comes in the wake of a recent DDoS attack on Thursday that slowed down the network considerably. The fifth-largest blockchain managed to mitigate the issues without a network shutdown, but it raised serious concerns over network vulnerability.

A DDoS attack is coordinated activity, typically driven by a botnet, that overwhelms a network with fake traffic. Many experts blamed the coordinated DDoS attack on fundamental design flaws and Solana’s proof-of-history (PoH) consensus mechanism. Earlier, a Grayscale Investment report also flagged Solana’s PoH use and said:

“The Solana consensus mechanism uses a new blockchain technology that is not widely used, and may not function as intended. There may be flaws in the cryptography underlying the network, including flaws that affect the functionality of the Solana Network or make the network vulnerable to attack.”

In September, the Solana network faced a similar issue when a sudden surge in transaction volume led to a network outage that lasted nearly 17 hours. The engineers at the time failed to resolve the issue, and validators had to eventually restart the network.

The Solana blockchain has emerged as one of the fastest-growing smart contract networks in 2021 and is a growing choice for upcoming decentralized finance and nonfungible token projects. The project’s growing popularity has often drawn comparisons with Ethereum and has been dubbed the “Ethereum killer” by some. However, growing concerns over the fundamentals of the network could prove problematic in the long run.

SOL was eyeing a…


Software development companies hit hard by cyber crime


Research carried out by cyber crime experts FoxTech has revealed that computer software development companies are among the industries most at risk of cybersecurity breaches.

These companies had an average cyber risk score of 166, followed by publishing (152), research (115), transportation, trucking and railroad (111), and civil engineering (102).

The cyber risk score, which is calculated using publicly available information and an analysis of a wide range of cyber security indicators, is an immediate indicator of how high or low the risk of a potential cybersecurity breach is for a company, according to FoxTech.

Companies with scores of 75 or more are at extreme risk of cyber attack, while those below 25 are considered to be low risk.

Anthony Green, CTO and cyber crime expert at FoxTech, explains, “We audited hundreds of companies across a wide range of sectors and found that while industries such as banking (cyber risk score 6) and performing arts (cyber risk score 5) are at very low risk of a potential attack, other industries fell woefully short when it came to ensuring their cyber protection was up to scratch.”

However, the issue is not that companies do not care about cybersecurity, but that they are unaware that their IT infrastructure is not robust enough to stave off an attack, Green says.

He says, “In many cases, companies will be entirely unaware that the antivirus or endpoint protection software they have invested in simply isn’t robust or far-reaching enough to prevent a cyber attack from occurring.

“Alternatively, companies might be under the misapprehension that they are safe from attack because they have invested in cloud-based services.

“Sometimes, a company can be exposed by something as simple as poorly managed user accounts, software that is out of date or inadvertently leaving their database visible to the internet and therefore exposed to hackers.”

On average, hackers will spend 207 days between breaching a company’s IT security and exploiting it. Green says this shows that it’s a gradual process rather than something that happens overnight.

He says, “The fact that hackers are going undetected for more than half a year tells us…


Gilead and AWS Collaborate on Development and Delivery of New Medicines for Patients


SEATTLE–(BUSINESS WIRE)–Nov 29, 2021–

Today, Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), announced that Gilead Sciences, Inc. (Nasdaq: GILD), a biopharmaceutical company advancing innovative medicines to prevent and treat life-threatening diseases, has selected AWS as its preferred cloud provider. Innovating on AWS and with the help of AWS experts and partners in healthcare and life sciences, Gilead provides its data scientists with the latest advances in machine learning and analytics. These capabilities fuel data-driven decision making across the organization—from biomarker discovery through manufacturing and clinical trial recruitment—and deliver insights that can help Gilead refine its drug pipeline. The company also relies on AWS to host all workloads for its enterprise resource planning (ERP) transformation project to implement SAP S/4HANA.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20211129005047/en/

“With AWS as our preferred cloud provider, our researchers can use AWS’s portfolio of services to gain the insights, agility, and security needed to deliver new medicines at speed, and treat the individual according to their unique needs, not just the disease,” said Marc Berson, Senior Vice President and Chief Information Officer at Gilead. “AWS’s performance, infrastructure, and scale are the foundations on which we will complete our ERP transformation and become a more efficient, agile, secure, and data-driven business in the cloud.”

Gilead is reimagining its bioinformatics compute infrastructure in the world’s leading cloud. The use of AWS’s compute, machine learning, and database capabilities will support the analysis and integration of diverse genomics, imaging, and experimental datasets to support breakthroughs in how Gilead diagnoses and treats diseases. For instance, by securely analyzing deidentified patient genomic data at scale on AWS to reveal patterns, Gilead can uncover insights on how people living with cancer respond to existing therapeutic options, potentially accelerating the discovery of new…
