https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Software


Partner content

Open-source code: The next major wave of cyberattacks

Open-source code: The next major wave of cyberattacks

  • Written by James Carder / Dark Reading
  • 22nd February 2022

Open-source software is ubiquitous. It has become an unequaled driver of technological innovation because organizations that use it don’t have to reinvent the wheel for common software components.

However, the ubiquity of open-source software also presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently) to the consumers of open-source software products. The recent race to address major vulnerabilities in the widely used Log4j code library is the biggest sign yet that risks within the open source software environment must be addressed.

The Open Source Appeal for Cybercriminals
The open-source attack method is appealing to bad actors because it can be widespread and highly effective. Attackers can use various methods to obfuscate malicious changes contributed to open-source projects, and the rigor in reviewing code for security implications can vary widely across projects. Without stringent controls in place to detect these malicious changes, they may go unnoticed until after they’ve been distributed and included in software across numerous companies.

Attacks on open-source code can vary in size and the entities they affect. For example, last July, researchers found nine vulnerabilities affecting three-open source projects — EspoCRM, Pimcore, and Akaunting — which are frequently leveraged by small and midsize businesses. What’s more, the 2017 Equifax data breach, which affected the personal data of 147 million people as a result of a vulnerability in the organization’s open-source code, is a clear example of how vulnerabilities can be exploited by bad actors and create damaging effects throughout.

Never Going to Give You Up
CISA has said that hundreds of millions of devices were likely affected by the Log4j vulnerability. Given the magnitude of this incident, many enterprises are likely analyzing whether to leverage open-source code for future developments.

However, forgoing open source altogether isn’t realistic. All modern software is built from open-source components, and rebuilding those components without open source would require massive investments in time and money to produce even minor applications. Over 60% of websites worldwide run on Apache and Nginx servers, and 90% of IT leaders reportedly use enterprise open-source code regularly.

To read the complete article, visit Dark Reading.

 

 

Tags: Applications Critical Infrastructure Cybersecurity DHS Enterprise Federal Government/Military Funding Incident Command/Situational Awareness News Policy Public Safety Security Software State & Local Government System Design System Operation Test & Measurement Tracking, Monitoring & Control Training Partner content

Most Recent


  • Artificial intelligence used to detect guns at schools
    At around midday on Tuesday, May 24 an 18-year-old shooter walked into an elementary school in Uvalde, Texas and shot and killed 21 people including 19 children. It is the second worst mass school shooting in U.S. history. There have been 30 mass shootings at K-12 schools so far in 2022. “I am sick and […]
  • Restrictions on Chinese imports hurting equipment vendors working in India
    Vendors have requested a relaxation on imports from China so that domestic telecom operators can roll out upgraded networks faster. With 5G deployment around the corner, telecom equipment vendors are finding themselves in a catch-22 situation. Since the Indo-Sino clash on the Galwan border in 2020, cross-border trade with China has been severely restricted. Multinational […]
  • Infrastructure improvements in cities often feature clean energy or connected technologies
    The most in-demand products and services in local governments fall into three interconnected buckets, says Matthew Britt, general manager of smart cities at Honeywell. The buckets, he says, are urban mobility, sustainability and resilience, and public safety. “Urban mobility begins with road infrastructure and understanding how to move people around cities more effectively and sustainably. At […]
  • Panasonic Connect launches Toughbook 40 rugged laptop
    Panasonic Connect this week announced the launch of the Toughbook 40, the highest-performing device in the family of fully rugged laptops, featuring LTE-Advanced and CBRS connectivity, and a lighter total weight, despite  boasting a 14-inch touchscreen display that is larger than the previous model in the Toughbook portfolio. In addition to all of its improved […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Rosenworcel proposes using spectrum-auction proceeds to fund NG911 deployments
  • Ransomware trained on manufacturing firms led cyberattacks in industrial sector
  • IoT devices most vulnerable to internal security threats
  • Dish is still working on 911 service for its 5G network

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Artificial intelligence used to detect guns at schools dlvr.it/SR8wBY

27th May 2022
UrgentComm

Restrictions on Chinese imports hurting equipment vendors working in India dlvr.it/SR8sj7

27th May 2022
UrgentComm

Infrastructure improvements in cities often feature clean energy or connected technologies dlvr.it/SR8n7G

27th May 2022
UrgentComm

Panasonic Connect launches Toughbook 40 rugged laptop dlvr.it/SR5vl2

26th May 2022
UrgentComm

Newscan: ‘Predator’ spyware let government hackers break into Chrome and Android, Google says dlvr.it/SR2lBG

25th May 2022
UrgentComm

Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems dlvr.it/SR0Qb2

24th May 2022
UrgentComm

T-Mobile’s CEO explains the company’s new private 5G strategy dlvr.it/SQyzhc

24th May 2022
UrgentComm

Hytera, Motorola Solutions refile appeal, cross-appeal in civil case dlvr.it/SQxNX1

24th May 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X