Tag Archive for: Europe’s

Europe’s cyber security strategy must be clear about open source

/in


Europe’s cyber security policy has an open source problem. Compared to the US, the UK and Europe have been playing catch-up on national security strategy for resiliency of open source software supply chains against malicious actors. Open source powers our critical software infrastructure, and can be used as a threat against it – Microsoft recently found vulnerable open source components being exploited to hack energy grids in India. In 2021, the Log4shell vulnerability – the largest spread security vulnerability in recent history – laid bare the risks of unmanaged software supply chains.

Because this is a global concern, governments are acting. Last year, the UK government issued a Proposal for Legislation to ‘Improve the UK’s Cyber Resilience,’ highlighting the immense impact even small security risks in the supply chain can have. Meanwhile, Germany issued the Information Security Act 2.0 (IT-SiG), and more recently, the European Union (EU) has proposed its Cyber Resilience Act (we’ll come back to that).

To put into perspective why this is a big deal, open source comprises between 80% and 90% of code in all modern applications. At least a quarter of identified hacks originating from the application layer can be attributed to a vulnerability in an open source component used to build it. Unfortunately, many commercial consumers of open source are not managing their software supply chain in any centralised fashion. Of the open source components being downloaded that are known to be vulnerable, 96% of the time, there’s been a better, non-vulnerable version available

Even Log4j, the component that made applications vulnerable to Log4shell, was subject to similar behaviour. The average consumption of the vulnerable versions of Log4j stood at 38% for all of 2022. That means 38% of the time, someone is downloading and building into their software a version containing the most widely publicised and exploited vulnerability we’ve ever seen.

The problem stems from lack of incentive for corporations to act. Open source is a powerful tool that enables our modern economy, but not managing it leaves software development teams open to  technical debt and bad security risk.

Source…

Amazon Invests in Nine New Renewable Energy Projects in Canada, the U.S., Spain, Sweden, and the UK and Becomes Europe’s Largest Corporate Buyer of Renewable Energy

/in


Amazon (NASDAQ: AMZN) today announced nine new utility-scale wind and solar energy projects in the U.S., Canada, Spain, Sweden, and the UK. The company now has 206 renewable energy projects globally, including 71 utility-scale wind and solar projects and 135 solar rooftops on facilities and stores worldwide, which will generate 8.5 GW of electricity production capacity globally. With this latest announcement, Amazon is now the largest corporate purchaser of renewable energy in Europe, with more than 2.5 GW of renewable energy capacity, enough to power more than two million European homes a year.

These projects supply renewable energy to Amazon’s corporate offices, fulfillment centers, Whole Foods Market stores, and Amazon Web Services (AWS) data centers, which power Amazon and millions of AWS customers globally. The renewable energy from these projects also helps Amazon meet its [url=”]commitment[/url] to produce the clean energy equivalent to the electricity used by all consumer Echo devices. All of these projects put Amazon on a path to power 100% of its activities with renewable energy by 2025—five years ahead of the original target of 2030. Investing in renewable energy is one of the many actions Amazon is taking as part of The Climate Pledge, a commitment to be net-zero carbon by 2040, 10 years ahead of the Paris Agreement.

“Amazon continues to scale up its investments in renewable energy as part of its effort to meet The Climate Pledge, our commitment to be net-zero carbon by 2040,” said Jeff Bezos, Amazon founder and CEO. “With these nine new wind and solar projects, we have announced 206 renewable wind and solar projects worldwide, and we are now the largest corporate buyer of renewable energy in Europe and globally. Many parts of our business are already operating on renewable energy, and we expect to power all of Amazon with renewable energy by 2025—five years ahead of our original target of 2030.”

The nine new wind and solar projects announced today in the U.S., Canada, Spain, Sweden, and the UK include:

  • Our first solar project paired with energy storage: Based in California’s Imperial Valley, Amazon’s first solar project paired with energy storage…

Source…

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware – Krebs on Security

/in

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware  Krebs on Security
“computer security news” – read more