Integrating security from code to cloud

Published: 5 September 2024
Categories: MIT Tech Review

RSS Feed Source: MIT Technology Review

The Human Genome Project, SpaceX’s rocket technology, and Tesla’s Autopilot system may seem worlds apart in form and function, but they all share a common characteristic: the use of open-source software (OSS) to drive innovation.

Offering publicly accessible code that can be viewed, modified, and distributed freely, OSS expedites developer productivity and creates a collaborative space for groundbreaking advancements.

“Open source is critical,” says David Harmon, director of software engineering for AMD. “It provides an environment of collaboration and technical advancements. Savvy users can look at the code themselves; they can evaluate it; they can review it and know that the code that they’re getting is legit and functional for what they’re trying to do.”

But OSS can also compromise an organization’s security posture by introducing hidden vulnerabilities that fall under the radar of busy IT teams, especially as cyberattacks targeting open source

Click this link to continue reading the article on the source website.

Dear Colleague Letter: Division of Ocean Sciences (OCE) Sample and Data Policy

Published: 4 September 2024
Categories: NSF Pgm Announcements

RSS Feed Source: MIT Technology Review

NSF 24-124

This document replaces NSF 17-037, Division of Ocean Sciences Sample and Data Policy, December 15, 2016.

September 4, 2024

Dear Colleagues:

All NSF proposals must include a Data Management and Sharing Plan that describes what data/samples will be collected, what analyses will be done, and how the project will provide open and timely access to meta data, data, preserved or archived samples, derived products (e.g., models and model output), and other information on the project during and after the project’s completion. The Data Management and Sharing Plan also must specifically discuss how the investigators will achieve the specific OCE data archiving and reporting requirements described below in this document. If the project is not expected to generate new data, samples or derived data products, the Data Management and Sharing Plan can

Click this link to continue reading the article on the source website.

Russian Military Cyber Actors Target US and Global Critical Infrastructure

Published: 4 September 2024
Categories: US-Computer Emergency Readiness Team

RSS Feed Source: MIT Technology Review

Summary

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.

To mitigate this malicious cyber activity, organizations should take the following actions today:

Prioritize routine system updates and remediate known exploited vulnerabilities. Segment networks to prevent the spread of malicious activity. Enable phishing-resistant multifactor authentication (MFA) for all externally facing account services, especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.

This Cybersecurity Advisory provides tactics, techniques, and procedures (TTPs) associated with Unit 29155 cyber actorsboth during and succeeding their deployment of WhisperGate against Ukraine—as well as further analysis (see Appendix A) of the WhisperGate malware initially published in the joint advisory, Destructive Malware Targeting Organizations in Ukraine, published February 26, 2022.

FBI, CISA, NSA and the following partners are releasing this joint advisory as

Click this link to continue reading the article on the source website.