Weekly News Roundup February 6–10, 2023


Posted by Kacy Zurkus

This week, OpenUK welcomed dozens of industry professionals to its State of Open Con 23 in London to discuss all things open source, from software to hardware and data. According to news from Infosecurity Magazine, enhancing the security of open-source software requires increased international collaboration. This sentiment was echoed by OpenUK CEO Amanda Brock, who opined about the perceptions and misconceptions of open-source software. Brock noted that in the aftermath of Log4Shell, critics were quick to blame the “many eyes” model for failing to detect vulnerabilities.

“Yet vulnerabilities occur in all software, even those maintained by private companies holding extensive resources. What matters most is how these vulnerabilities are found, fixed and then disseminated to the community that uses the project,” Brock said. “We can’t rely on the goodwill and efforts of the community alone to deliver and maintain code when it is used at the scale that open source is deployed. Support is needed from the wider enterprise software industry and governments.”

Though I’m not a software developer or engineer, I do dread those times when I see a product of interest and note, “some assembly required.” But no item, physical or digital, is without the potential for imperfection. A sofa cushion will likely need cleaning as much as a dining room chair might need a screw tightened. It’s unrealistic for users of open-source tools to expect that software is both free of vulnerabilities and impervious to future risk. That’s why it’s important to highlight the ongoing efforts of the enterprise software industry as they work together to ensure that We’re Not Doomed!

Now let’s take a look at what else made industry headlines this week.

Feb. 10: While ChatGPT has grown in popularity, users in China are prohibited from creating OpenAI accounts, yet the chatbot model is “increasingly being incorporated into Chinese consumer technology applications from social networks to online shopping,” according to Reuters.

Feb. 10: As Valentine’s Day approaches, end users should be on alert for romance scammers trying to steal more than their hearts.

Feb. 10: Residents in Northern Virginia, which is dubbed “the heart of the internet,” are feeling the environmental impact of increased demand for cloud computing technologies and data centers.

Feb. 9: The BBC reported, “Seven Russian men have been sanctioned by the UK and US for having links to recent ransomware attacks.”

Feb. 9: A State Department official reportedly said that the Chinese balloon struck down last week was being used as part of a widespread espionage campaign to conduct surveillance operations.

Feb. 9: In collaboration with several government agencies, CISA issued a #StopRansomware alert to help network defenders mitigate the risks of ransomware after the agencies determined that cryptocurrency funds garnered from North Korean state-sponsored ransomware attacks are being used to fuel continued attacks on the healthcare and critical infrastructure sectors.

Feb. 8: The World Economic Forum asserts the industry must “shift the narrative to build a cyber-ready workforce.”

Feb. 7: Dark Reading reported, “A tax variable in the software implementing the Dingo Token allows the creators to charge 99% in fees per transaction, essentially stealing funds, an analysis finds.”

Feb. 6: “Cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a ransomware campaign targeting thousands of organizations worldwide,” TechCrunch reported.

Feb. 6: The Hacker News reported, “An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware.”

Feb. 5: Mira Murati, Chief Technology Officer at OpenAI, discussed ChatGPT and the ethical questions surrounding the technology with Time.


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference
