Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries (BlackBerry)
charges Chinese nationals with schemes to steal info, punish critics and recruit spies (CBS News)
Cuba ransomware affiliate targets Ukrainian govt agencies (BleepingComputer)
Says Chinese Tried to Obstruct Huawei Prosecution (Wall Street Journal)
Justice Department Fires Warning Shot at Chinese Spies (Foreign Policy)
Chinese spies charged with trying to thwart Huawei investigation (Quartz)
DOJ Charges 13 Over Chinese Interference In US Affairs (Law360)
Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People’s Republic of China (US Department of Justice)

CISA expands its Known Exploited Vulnerabilities Catalog with six new entries.
Ben Yelin on the DOJ’s spying cases against China.
Mr Security Answer Person John Pescatore on security through obscurity.
Varonis discovers two Windows vulnerabilities.
CERT-UA warns of Cuba ransomware group phishing campaign.
US Department of Justice unseals three indictments in PRC spying cases.

Ukraine Documenting Russian Hacks, Eyeing International Charges (Bloomberg)
CISA Releases Eight Industrial Control Systems Advisories (CISA)
Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate (PR Newswire)
Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months (BlackBerry)
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections (Mandiant)
Internet is shut down in Sudan on anniversary of military coup (The Record by Recorded Future)

And if you’ll indulge us, we’ve got some pretty exciting CyberWire news.
Andrea Little Limbago from Interos on the effects of water scarcity on data centers.
A software supply chain security study, and a look at vulnerability scanning tools.
A Chinese influence campaign targets US elections.
Sudan closes its Internet as the country sees protests on the first anniversary of a coup.

Ukraine: Russian cyber attacks aimless and opportunistic (SearchSecurity)
Cyberattacks seen as opportunistic and disconnected from strategy.

For links to all of today's stories check out our CyberWire daily news briefing:

Cross-Sector Cybersecurity Performance Goals (CISA)
CISA unveils voluntary cybersecurity performance goals (Federal News Network)
DataTribe Insights - Q2 2022: Economic Storm Makes Landfall (DataTribe)

Our guests are Jenny Brinkley from Amazon AWS and Lisa Plaggemier from the National Cybersecurity Alliance with a collaborative educational project.
Robert M. Lee from Dragos explains the TSA Pipeline Security Directive.
Cyber seed rounds are an exception to a general downtrend in venture investment.

Try to measure how much time it would take to update your local patched Rails when they release a new version (especially a major one, if you can), and project future work estimates from that.

For us, we ended up sacrificing functionality for development speed, and we switched to a less capable library that worked right out of the box without endless patching.

CISA releases cross-sector cybersecurity performance goals.

If your patches aren't going to migrate upstream, I'd be very wary of spending a lot of time maintaining them as the core library keeps evolving.

The problem was, however, that they released new versions frequently, and we needed them as soon as they were released.

My project was maintaining a custom set of patches for a major open source library for a while, and it was fairly labor-intensive: every time the library provider released a new version, a senior engineer spent a good part of a day going through the codebase and repatching it, testing the new version, etc.

And if, heavens forbid, they do some major refactoring, you'll have to spend the time figuring out what functionality got moved where, and re-apply the patches as necessary.

Maintaining custom patches for a foreign codebase is going to be painful, proportionally to the number of patches, and how badly spread out they are through the codebase.

Consider this: every time the Rails team changes things, you'll have to go through your patches and make sure they still apply correctly.