CISA Flags Memory-Unsafe Code in Major Open Source Projects

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebases anytime soon. [TechWeb]( Follow Dark Reading: [RSS]( July 01, 2024 LATEST SECURITY NEWS & COMMENTARY [CISA Flags Memory-Unsafe Code in Major Open Source Projects]( Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebases anytime soon. [CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. [TeamViewer Credits Network Segmentation for Rebuffing APT29 Attack]( Despite warnings from Health-ISAC and the NCC Group, the remote access software maker says defense-in-depth kept customers' data safe from Midnight Blizzard. [Critical GitLab Bug Threatens Software Development Pipelines]( The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance. [LockBit Attack Targets Evolve Bank, Not Federal Reserve]( The ransomware group claimed it had breached the Federal Reserve, but the target now appears to have been an Arkansas-based bank, Evolve. [Hundreds of Thousands Impacted in Children's Hospital Cyberattack]( Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk. [Unfounded Fears: AI Extinction-Level Threats & the AI Arms Race]( There is an extreme lack of evidence of AI-related danger, and proposing or implementing limits on technological advancement isn't the answer. [(Sponsored Article) Dynamic Computing Calls for Cyber Resilience, Not Just Security]( The era of dynamic computing is exposing the differences between cyber resilience and security and the challenges of achieving both. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers]( While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate. [Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks]( Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse. [Achieve Next-Level Security Awareness by Creating Secure Social Norms]( By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected. [Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content]( Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more. [MORE]( PRODUCTS & RELEASES [Cybersecurity Veteran Kevin Mandia Named General Partner of Ballistic Ventures]( [Landmark Admin, LLC Provides Notice of Data Privacy Incident]( [The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester - Notice of Data Security Incident]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Dark Reading Confidential: Meet the Ransomware Negotiators]( Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion." LATEST FROM THE EDGE [Don't Forget to Report a Breach: A Cautionary Tale]( Responding to an incident quickly is important, but it shouldn't come at the expense of reporting it to the appropriate regulatory bodies. LATEST FROM DR TECHNOLOGY [1Touch.io Integrates AI Into Mainframe Security]( Just because mainframes are old doesn't mean they're not in use. Mainframe Security Posture Management brings continuous monitoring and vigilance to the platform. LATEST FROM DR GLOBAL [Indonesia Refuses to Pay $8M Ransom After Cyberattack]( More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational. WEBINARS - [Enhance Cloud Security with Cloud-Native Security]( In this webinar, learn how your current cloud security measures may be falling short as you shift to cloud-native, and what new tools and processes you will need to put in place to stay ahead of attackers. - [Tales of a Modern Data Breach: The Rise of Mobile Attacks]( Modern breaches now happen in minutes, not months. Threat actors are exploiting the fact that mobile devices are more susceptible to social engineering, enabling them to gain direct access to cloud infrastructure with legitimate credentials and swiftly compromise data. Recent ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [Decode the New SEC Cybersecurity Disclosure Ruling]( - [Dynamic Computing Calls for Cyber Resilience, Not Just Security]( - [A Watershed Moment for Threat Detection and Response]( - [2024 InformationWeek US IT Salary Report]( - [Generative AI Gifts]( - [Shining a light in the dark: observability and security, a SANS profile]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124316&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_07.28.24&sp_cid=54111&utm_content=DR_NL_Dark%20Reading%20Daily_07.28.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ad If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)