FEDORA-2024-a23144cfd5
Packages in this update:
dotnet8.0-8.0.101-1.fc39
Update description:
This is the January 2024 update for .NET 8. Release Notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.1/8.0.1.md
OpenAI will implement a provenance standard into DALL-E 3 and link ChatGPT to an authoritative election website in the US
Interesting research: “Do Users Write More Insecure Code with AI Assistants?”:
Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants’ language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future.
At least, that’s true today, with today’s programmers using today’s AI assistants. We have no idea what will be true in a few months, let alone a few years.
Veeam found that 75% of organizations suffered at least one ransomware attack last year, with 26% hit four or more times
An advisory from the FBI and CISA says threat actors are deploying the Androxgh0st malware for victim identification and exploitation in target networks
This is part two of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog.
Part one: Unusual, thought-provoking predictions for cybersecurity in 2024
Part three: Four cybersecurity trends you should know for 2024
With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so.
The more digital the world becomes the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation.
The security operations center (SOC) must modernize to keep pace with the always-on and digital-first world delivered through innovations such as edge computing, AI, and IoT. The SOC of the future will need to expand to address:
Edge computing is happening all around us. It is defined by three primary characteristics (software-defined, data-driven, and distributed), and its use cases are expanding to deliver business outcomes.
Edge computing is a sea-change in the world of computing.
As edge use cases deliver business value and competitive advantage, the technology changes: networks with lower latency, ephemeral applets, and a digital-first experience are the requirements for all edge computing use cases.
Edge computing needs to be embraced and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood.
In 2024, expect to see SOC teams, with roles that include security engineer/architect, security analyst, SOC manager, forensics investigator, threat responder, and compliance auditor, begin to determine how edge computing needs to be secured. SOCs will explore various management activities, including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints.
Without a doubt, we are living in a world built on software. Software is only as secure as the development requirements. Software controls our traditional applications that are still batch-based, sigh, and near-real-time edge interactions. Software is how the world works.
With innovations in computing, software is changing; it is no longer about graphical user interface (GUI) applications that require some keyboard input to produce output. Edge computing is taking software to the next level of sophistication, with non-GUI or headless applets becoming the norm.
While the software bill of materials (SBoM) requirements advance the cause of application security, edge computing and its reliance on functioning, performant, and secure software will make application security a necessity.
In 2024, expect to see software engineering practices emphasizing security emerge. Simply being able to write code will no longer be enough; developers will increase their sophistication and require more security expertise to complement their already deep skill sets. Educational institutions at secondary and university levels are already advancing this much-needed emphasis on security for developers and software engineering.
The next generation of computing is all about data. Applications, workloads, and hosting are closer to where data is generated and consumed. It’s all about a near-real-time, digital-first experience based on the collection, processing, and use of that data.
The data needs to be free of corruption to assist with making or suggesting decisions to the user. This means the data needs to be protected, trusted, and usable.
In 2024, expect data lifecycle governance and management to be a requirement for business computing use cases. Data security is something a SOC team will begin to manage as part of its responsibility.
Endpoints are diversifying, expanding, and maturing. Industry analyst firm IDC projects the worldwide spending on IoT to surpass $1 trillion in 2026. The 2023 AT&T Cybersecurity Insights Report shows 30% of participants expanding their endpoints to include new diverse and intentional assets such as robots, wearables, and autonomous drones – while 48% use traditional endpoints such as phones, tablets, laptops, and desktops. Endpoints are critical to business.
Today, most SOCs offer some endpoint detection and response (EDR) or extended detection and response (XDR). However, how are SOC teams preparing to precisely identify the status, location, make, and model of this rapidly expanding world of endpoints?
In a world of computing comprised of diverse and intentional endpoints, SOC teams need to know the precise location of the endpoint, what it does, the manufacturer, whether the firmware is up to date, if the endpoint is actively participating in computing or if it should be decommissioned, and a host of other pieces of pertinent information. Computing is anywhere the endpoint is – and that endpoint needs to be understood at a granular level.
In 2024, expect startups to provide solutions to deliver granular details of an endpoint, including attributes such as physical location, IP address, type of endpoint, manufacturer, firmware/operating system data, and active/non-active participant in data collection. Endpoints need to be mapped, identified, and properly managed to deliver the outcomes needed by the business. An endpoint cannot be left to languish and act as an unguarded entry point for an adversary.
In addition to granular identification and mapping of endpoints, expect to see intentional endpoints built to achieve a specific goal, such as ease of use, use in harsh environments, and energy efficiency. These intentional endpoints will use a subset of a full-stack operating system. SOC teams must manage these intentional endpoints differently than endpoints with the full operating system.
Look for significant advancements in how SOCs manage and monitor endpoints.
The attack surface continues to expand. We continue to add diverse endpoints and new types of computing. As we add new computing, legacy computing is not retired – complexity and the attack surface continue to grow.
SOC teams of the future need to visually understand the attack surface. This sounds simple, but it isn’t easy to distill the complex into a simple representation.
In 2024, expect SOC teams to seek a way to easily map the attack surface and correlate relevant threat intelligence to the mapping. To effectively do this, other aspects of the SOC of the future will need to be realities.
I’ll be talking about this a lot more in 2024 as we endeavor to provide you with insights on how the industry is changing as we move forward. Bookmark our blog. There is a lot of great information coming in the months ahead.
Municipality of Calvià on the Spanish island of Majorca was hit by a ransomware attack last weekend
GitHub urges customers to apply a new patch and take action if impacted by credential rotation
chromium-120.0.6099.224-1.fc38
update to 120.0.6099.224
High CVE-2024-0517: Out of bounds write in V8
High CVE-2024-0518: Type Confusion in V8
High CVE-2024-0519: Out of bounds memory access in V8
chromium-120.0.6099.224-1.fc39
update to 120.0.6099.224
High CVE-2024-0517: Out of bounds write in V8
High CVE-2024-0518: Type Confusion in V8
High CVE-2024-0519: Out of bounds memory access in V8