More stories

  • M1 taps 5G to enrich waterfront lifestyle, operations

    M1 and its sister company Keppel Land have introduced 5G services that they say aim to improve maritime operations and enrich waterfront lifestyle. These include automated vessel analytics and recognition technologies to facilitate real-time surveillance. Targeted for deployment at Marina at Keppel Bay, the new suite of services would be delivered on M1’s 5G Standalone network, said the companies in a joint statement Wednesday. M1 and Keppel Land are part of the Keppel Group. 

    Vessel owners at the bay would be able to tap 5G to “elevate” their waterfront lifestyle and yacht experience, as well as enhance work processes for berth operations, said M1 and Keppel. The new services would enable high speed and further automate and streamline processes, boosting productivity and efficiency for maritime operators, they said. 5G-powered monitoring devices armed with automated vessel analytics and recognition technologies, for instance, could facilitate real-time surveillance. This would ensure the safety and security of registered vessels and trigger alerts when unauthorised vessels entered the marina.

    Surveillance robots also could be deployed on the docks to support onsite monitoring and remote assistance. These bots would be integrated with incident management applications so data could be automatically captured, enabling communication between relevant personnel during incidents and providing 3D visualisation to assist in risk management and planning. The robots also could be leveraged to monitor and maintain the marina’s surroundings, automatically clearing any garbage identified in the waters. They then could reduce resources needed in maintaining water conditions.

    In addition, maintenance staff could put on 5G-powered headgear to carry out checks, handsfree. The high-speed connection would further enable them to join video conferences, share videos in real-time at any location, and receive remote support.

    M1 CEO Manjot Singh Mann said the mobile operator hoped to drive the use of 5G-enabled services across various industry sectors. Noting that this was in line with Keppel’s Vision 2030 strategy to accelerate smart cities, Mann said: “[The launch] heralds the beginning of our journey towards more viable commercial-ready 5G solutions that will advance our digital economy.”

  • Australia's 'hacking' Bill passes the Senate after House made 60 amendments

    Two Australian law enforcement bodies will soon have the power to modify, add, copy, or delete data, after the Bill allowing such activity was waved through the Senate on Wednesday morning.

    The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, now awaiting Royal Assent, hands the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) three new powers for dealing with online crime.

    The first of the warrants is a data disruption one, touted as a way to prevent “continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities”. This warrant gives the cops the ability to “disrupt data” by modifying, copying, adding, or deleting it. Failure to comply could land an individual with 10 years of imprisonment.

    The second is a network activity warrant that would allow the AFP and ACIC to collect intelligence from devices or networks that are used, or likely to be used, by those subject to the warrant. The last warrant is an account takeover warrant that will allow the agencies to take control of an online account for the purposes of gathering information for an investigation.

    The Parliamentary Joint Committee on Intelligence and Security (PJCIS) recommended the passage of the so-called “hacking” Bill earlier this month, provided that its 33 other recommendations were met. Shadow Minister for Home Affairs Kristina Keneally confirmed in the Senate on Wednesday the government has implemented “wholly or substantially” 23 of the 33 recommendations through legislative amendments or changes to the Bill’s explanatory memorandum.

    These include strengthening the issuing criteria for warrants, including considerations for privacy, public interest, privileged and journalistic information, and financial impacts; reviews by the ISLM and the PJCIS; sunset powers in five years; and good-faith immunity provisions for assistance orders. Of the other 10 PJCIS recommendations, four have been accepted by the government and will be incorporated into its response to the national security legislation review.

    The House of Representatives on Tuesday passed the Bill, with a total of 60 amendments, and while Labor has thrown its support behind the Bill as a result of the amended document being a “better Bill”, the Australian Greens have not.

    “Unsurprisingly, the two major parties are in complete lockstep with each other and are leading us down the road to a surveillance state,” Greens Senator Lidia Thorpe said. “In effect, this Bill would allow spy agencies to modify, copy, or delete your data with a data disruption warrant; collect intelligence on your online activities with a network activity warrant; also they can take over your social media and other online accounts and profiles with an account takeover warrant.

    “What’s worse, the data disruption and network activity warrant could be issued by a member of the Administrative Appeals Tribunal — really? It is outrageous that these warrants won’t come from a judge of a superior court.”

    She said it was not clear that these warrants were even needed, noting the Bill “does not clearly identify a gap in existing powers”.

    “The scope of the new powers is disproportionate compared to the threats of serious and organised cybercrime to which they are directed,” she said. “There is a lack of evidence justifying the need for warrants of this nature, beyond those already available … no other country in the Five Eyes alliance has conferred powers on its law enforcement agency that this Bill will.”

    The Bill is now awaiting Royal Assent.

  • NSO Group facing renewed backlash after helping repressive Bahraini Government hack iPhones of politicians, activists

    A new report from Citizen Lab has revealed that the controversial NSO Group supplied surveillance tools to the perennially repressive government of Bahrain between June 2020 and February 2021.

    The company has faced withering backlash since it was revealed that they helped dozens of organizations spy on world leaders, activists, journalists and others using the Pegasus spyware.

    The latest report from Citizen Lab — authored by Ali Abdulemam, Noura Al-Jizawi, Bill Marczak, Siena Anstis, Kristin Berdan, John Scott-Railton and Ron Deibert — said nine activists from Bahrain had their iPhones hacked with NSO Group’s spyware, and some were attacked through zero-click iMessage exploits.

    Both the 2020 KISMET exploit and the 2021 FORCEDENTRY exploit were used by the Bahraini government to hack into the phones of local human rights activists, political groups, a politician and even Bahraini dissidents living in London.

    “At least four of the activists were hacked by LULU, a Pegasus operator that we attribute with high confidence to the government of Bahrain, a well-known abuser of spyware. One of the activists was hacked in 2020 several hours after they revealed during an interview that their phone was hacked with Pegasus in 2019,” the report’s authors said. “Two of the hacked activists now reside in London, and at least one was in London when they were hacked. In our research, we have only ever seen the Bahrain government spying in Bahrain and Qatar using Pegasus; never in Europe.”

    The report notes that the activist in London may have actually been hacked by another Pegasus operator who then passed the information on to the Bahraini government.

    Image: A list of those targeted by the government of Bahrain (Citizen Lab)

    Citizen Lab coordinated with Forbidden Stories — the organization that revealed NSO Group’s work — and confirmed that at least five of the devices hacked into by the Bahraini government were contained on the Pegasus Project’s list of potential targets of NSO Group’s customers.

    Bahrain is a dictatorship that has long crushed dissent and deployed draconian measures to control public discussion online, blackmail government opponents, torture activists and commit other human rights violations. The report notes that other Western technology companies have in the past faced backlash for helping Bahrain’s government censor the internet, disrupt protests and monitor opponents both inside Bahrain and outside of the country. Canadian company Netsweeper is used by Bahrain to block many websites for Bahraini citizens, and the Ministry of Interior’s Cyber Crime Unit, alongside other government arms, has bought spyware from FinFisher, Verint Systems, Cellebrite, Hacking Team, Trovicor GmbH and NSO Group, according to the report.

    Citizen Lab researchers discovered that Bahrain’s government first bought the Pegasus spyware in 2017 and began using it in Bahrain and Qatar. The organization saw a spike in usage of Pegasus in July 2020 and coordinated with targets of the government to analyze how they were targeted and how their phones had been hacked. Moosa Abd-Ali and Yusuf Al-Jamri, two Bahraini activists living outside of Bahrain, agreed to be named in the report, but the others who had their phones hacked only wanted to be identified by the organizations they worked for. Abd-Ali stood out in the report because he previously took FinFisher to court after Bahraini officials used the company’s spyware to hack into his computer in 2011. His iPhone 8 was hacked sometime before September 2020.

    The report explained that officials tried a number of ways to hack into phones, even using fake DHL package tracking notifications that Citizen Lab traced back to a Bahraini government operator of Pegasus. Sometimes government operators used the zero-click exploit and in other instances it required one or two clicks on links to infect a device with the spyware. “We noted that these three domains were hosted on shared web hosting providers. In other words, the IP addresses that they pointed to had dozens of other innocuous domains also pointing to them. In previous iterations of NSO Group’s Pegasus infrastructure, each domain name pointed to a separate IP address,” the researchers found.

    The government has taken extreme measures to curtail dissent and diminish the influence of activists or protest leaders for decades, but efforts have taken a technological turn in recent years, particularly since the Arab Spring protests began around 2010. The government violently put down the nascent protest movement in 2011, arresting and torturing hundreds of Bahrainis. Citizen Lab has been monitoring the government’s use of spyware for years, tracking their use of ProxySG devices and PacketShaper devices as well as Internet-filtering technology produced by Netsweeper, Inc. The government eventually bought spyware tools from former Nokia Siemens Networks affiliate Trovicor GmbH in 2011, according to Bloomberg.

    In one notable instance, the government used spyware from FinFisher, a UK-German company, to blackmail a well-known Bahraini lawyer. Government officials hacked into his computer and then sent him a CD threatening to release an intimate video of him and his wife if he did not stop defending human rights activists. The video had been obtained through a hidden camera that had been secretly planted in his home. The government eventually did release the video to the public after the lawyer refused to back down.

    Members of the government also have been accused of using other tools to deanonymize pseudonymous Twitter accounts critical of the government.

    The researchers behind the report said it shows that the NSO Group’s repeated claims of innocence and human rights work fly in the face of the reality that their tools are used by dictatorships.

    “Despite a half-decade of being implicated in human rights abuses, NSO Group regularly claims that they are, in fact, committed to protecting human rights. However, this purported concern is contradicted by a growing mountain of evidence that its spyware is used by authoritarian regimes against human rights activists, journalists, and other members of civil society,” the report said. “While NSO Group regularly attempts to discredit reports of abuse, their customer list includes many notorious misusers of surveillance technology. The sale of Pegasus to Bahrain is particularly egregious, considering that there is significant, longstanding, and documented evidence of Bahrain’s serial misuse of surveillance products including Trovicor, FinFisher, Cellebrite, and, now, NSO Group.”

    The researchers called the Bahraini government’s abuse of the spyware “predictable” and said it was “gross negligence in the name of profit” by NSO Group to sell the tool to a government with Bahrain’s human rights record. While the report said the victims of the hack may have been able to protect their devices by disabling iMessage and FaceTime, it notes that the NSO Group has found other ways to deliver malware through other messaging apps like WhatsApp.

    Experts, like Comparitech privacy advocate Paul Bischoff, said the report was further evidence that there is no real legitimate use for NSO Group’s malware. “Those authorities would not have the same spying capabilities without NSO Group,” Bischoff told ZDNet. “We should immediately declare an international moratorium on private sales of spyware.”

  • B. Braun updates faulty IV pump after McAfee discovers vulnerability allowing attackers to change doses

    McAfee Enterprise’s Advanced Threat Research Team has unveiled a new study about vulnerabilities they found with pumps created by German healthcare giant B. Braun.

    The report chronicles the problems with B. Braun’s Infusomat Space Large Volume Pump and the SpaceStation, both of which are built to be used in adult and pediatric medical facilities. Infusion pumps are designed to help nurses and doctors skip time-consuming manual infusions and have gained prominence in recent years as many hospitals digitize their systems.

    According to the study, attackers could take advantage of the vulnerabilities to change how a pump is configured in standby mode, allowing altered doses of medication to be delivered to patients without any checks. The OS of the pump does not check where the commands it gets are from or who is sending data to it, giving cyberattackers space to attack remotely. The use of unauthenticated and unencrypted protocols also gives attackers multiple avenues to gain access to the pump’s internal systems that regulate how much of each drug needs to go to a patient.

    “Malicious actors could leverage multiple 0-day vulnerabilities to threaten multiple critical attack scenarios, which can dramatically increase the rate of medication being dispensed to patients. Medical facilities should actively monitor these threats with special attention, until a comprehensive suite of patches is produced and effectively adopted by B. Braun customers,” McAfee’s Advanced Threat Research Team said in the study. “Through ongoing dialogue with B. Braun, McAfee Enterprise ATR disclosed the vulnerability and have learned that the latest version of the pump removes the initial network vector of the attack chain.”

    Douglas McKee, Steve Povolny and Philippe Laulheret — members of McAfee’s Advanced Threat Research Team — explain in the report that the changes to the amount of medication given to a patient would look like a simple device malfunction and would “be noticed only after a substantial amount of drug has been dispensed to a patient, since the infusion pump displays exactly what was prescribed, all while dispensing potentially lethal doses of medication.”

    McAfee noted that there are more than 200 million IV infusions administered globally each year using pumps like the ones supplied by B. Braun. The company is one of the leaders in an IV pump market that brought in $13.5 billion in 2020 in the US.

    Shaun Nordeck, a doctor working at a Level 1 Trauma Center, contributed to the study and said the ability to remotely manipulate medical equipment undetected, with potential for patient harm, is effectively weaponizing these point of care devices. “This is a scenario previously only plausible in Hollywood, yet now confirmed to be a real attack vector on a critical piece of equipment we use daily,” Nordeck said of the study. “The ransomware attacks that have targeted our industry rely on vulnerabilities just like these; and is exactly why this research is critical to understanding and thwarting attacks proactively.”

    McAfee informed B. Braun of the vulnerabilities in January and the company has since updated the pumps to solve the problem. But the emergence of the issue opens up an entirely new slate of attacks that could be leveraged if other network-based vulnerabilities are found. The report notes that even though B. Braun has fixed the problems, many hospitals are still running the vulnerable tools and software.

    “The medical industry has lagged severely behind others in the realm of security for many years — it’s time to throw away the digital ‘band-aids’ of slow and reactive patching, and embrace a holistic ‘cure’ through a security-first mindset from the early stages of development, combined with a rapid and effective patch solution,” McKee, Povolny and Laulheret said.

    McAfee ended up discovering five separate, new vulnerabilities related to the pumps — CVE-2021-33886, CVE-2021-33885, CVE-2021-33882, CVE-2021-33883 and CVE-2021-33884 — which cover B. Braun’s Infusomat Large Volume Pump Model 871305U, a SpaceStation Model 8713142U docking station that holds up to 4 pumps and a software component called SpaceCom version 012U000050, all of which were released in 2017. “When looking at how the pump and its communication module handles communication and file handling, we observed that critical files are not signed (CVE-2021-33885), most of the data exchanges are done in plain-text (CVE-2021-33883), and there is an overall lack of authentication (CVE-2021-33882) for the proprietary protocols being used,” the report said.

    Security researchers have previously discovered cybersecurity vulnerabilities with infusion pumps from multiple companies besides B. Braun like Medtronic, Hospira Symbiq and others. But recently the German government released a study on infusion pumps, including those from B. Braun, as part of a larger examination of medical device cybersecurity.

    “SpaceCom is an embedded Linux system that can run either on the pump from within its smart-battery pack or from inside the SpaceStation. However, when the pump is plugged into the SpaceStation, the pump’s SpaceCom gets disabled,” the study found. “SpaceCom acts as the external communication module for the system and is separated from the pump’s internal operations, regardless of where it is running from. An important function of SpaceCom is to be able to update the drug library and pump configuration stored on the pump. The drug library contains information such as ward and department, a list of pre-configured drugs with their default concentrations, information messages to be printed on the screen when selected, and more importantly, soft, and hard limits to prevent medication error.”

    Part of why infusion pumps are so widely used now is because they help nurses regulate doses of drugs automatically, with some systems deploying databases with more than 1500 key/value pairs.

    One difficulty that cyberattackers may face is that the pump’s RTOS is not network connected but would need to be accessed to make any changes. “Although this attack chain presents a complete method to modify critical pump data, it is important to recognize the conditions required for this attack to be successful. These pumps are designed to be network connected to a local internal network,” the researchers explained. “Therefore, under normal operating conditions an attacker would need to have found a method to gain access to the local network. Could this attack take place over the internet? Technically speaking, yes; however, it would be very unlikely to see a setup where a pump is directly internet-connected.”

    There are also other measures taken by B. Braun to protect the device, including a feature that makes it so the pump ignores requests while already delivering medication, meaning the attack can only be leveraged when the pump is idle or in standby mode in between infusions. Nurses are also instructed to check the dosage and medication levels before setting anything, and regulations in multiple countries explain in detail how the device is supposed to be managed by nurses.

    But gaining access to local networks is not as difficult as it once was, and McAfee noted that the “prerequisites for this attack are minimal and are not enough to mitigate the overall threat.” Once a local network is accessed, cybercriminals could take a number of steps to make their work easier, including clearing the current trusted server configuration and rewriting it to an attacker-controlled server. Attackers can even reboot the entire operation to make sure none of their changes are noticed by hospital staff.

    Nordeck, who has spent more than 20 years as a doctor in private settings and in the US Army, said ICUs are high-pressure environments where there is an increased risk for infusion errors since these critical and often medically complex patients have multiple infusions which are being adjusted frequently. “Errors, however, are not limited to the ICU and may just as easily occur in the inpatient ward or outpatient settings,” Nordeck said. “Essentially with each increase in variable (patient complexity or acuity, number of medications, rate changes, nurse to patient ratio, etc.) there is an increased risk for error.” Nordeck added that “something as routine as correcting a person’s high blood sugar or sodium level too quickly can cause the brain to swell or damage the nerves which can lead to permanent disability or even death.”

    While the researchers noted that ransomware attacks are far more likely right now, it was important for healthcare institutions to harden themselves against the kinds of emerging attacks that continue to pop up from time to time. “Device manufacturers clearly aim to produce safe and secure products as evidenced by built-in safeguards. However, flaws may exist which allow the device to succumb to a ransom attack or potentially cause harm,” Nordeck added. “Therefore, manufacturers should collaborate with security professionals to independently test their products to detect and correct potential threats and thereby preserve patient safety and device security.”

  • HYCU initiative offers free evaluation for ransomware recovery prospects

    Whenever the concept of public service melds into a business initiative for an enterprise and its ecosystem, the result is usually a win-win for everybody. Data backup and recovery provider HYCU is immersed in such a project right now, and the timing couldn’t be more spot-on, because it has to do with defending against the increasing number of ransomware attacks on businesses and organizations worldwide. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

    The Boston-based company, which specializes in multi-cloud data backup and recovery-as-a-service, on Aug. 24 announced a new free-of-charge cloud application to help organizations identify and measure their ability to effectively recover in the event of a ransomware attack.

    Ransomware attacks have been popping up at an alarming rate during the past 18 months. These cyberattacks are big business – so big, in fact, that research claims a business is attacked by a cybercriminal every 11 seconds, according to Cybersecurity Ventures. Damage costs from these attacks are predicted to hit $20 billion by the end of this year. For context, ransomware was merely a $325 million business in 2015 – 57 times less than this year’s expected loss of $20 billion.

    It’s important for organizations to know what to do when this day comes, and the trend says it is likely to come to most companies.

    Free service available via GetRScore.org

    HYCU is making its R-Score (ransomware score) evaluation available as a free service directly from GetRScore.org. R-Score is the culmination of months of work from HYCU data protection and cybersecurity experts and company partners, HYCU founder and CEO Simon Taylor told ZDNet.

    “Ransomware and the horribly increased criminality that we saw during COVID increasingly drove board-level discussions around what companies were doing when it came to data protection,” Taylor said. “All of a sudden the CISO, CIO, CFO, and CEO were talking openly with the board of directors about their data protection practices, and about what they were going to do if and when a ransomware attack occurred. We started to look at ways that we could become more involved in supporting our customers through these tragic times.

    “One of the things we came up with was this concept of what we call our ‘score.’ Very simply, our score concept is effectively a credit score that rates your company’s ability to recover from a ransomware attack. Our philosophy is: It’s not ‘if,’ it’s ‘when.’”

    The score, made available within about 10 minutes after it processes answers to its questions, is a number assigned to a company to tell management how prepared it will be to recover all its data after an attack. “So the way that I look at this is not as a commercial sales concept. This is really a true public service,” Taylor said.

    R-Score works similarly to the way Fair and Isaac set up the FICO scoring system more than 30 years ago, Taylor said. The app uses entered data to assess an organization’s preparedness to repel and recover from ransomware attacks in five key categories: backup process, backup infrastructure, security and networking, restore processes, and disaster recovery.

    R-Score generated from 0 to 1,000

    Once the questions are answered, an R-Score is generated within a range of 0 to 1,000. In addition to the score, users will be given steps to take to improve their overall score. No user data or information related to generating the initial R-Score is stored or captured in any user identifiable form, Taylor said. A free consultation is available to better understand what measures and steps could be taken to improve an organization’s overall R-Score, Taylor said.

    “There has always been more of a focus around backup in the industry versus what companies really care about, which is recovery,” Enrique Salem, Partner at Bain Capital Ventures, which led HYCU’s $87.5 million Series A funding round earlier this year, said in a media advisory. “Industry-wide initiatives like R-Score that allow organizations to better prepare themselves in the inevitable event of a recovery in light of ransomware need to be more widely adopted and applauded.”

    Earlier this year, HYCU announced support for Kubernetes environments and launched its first SaaS-based application on Office 365, Taylor said.

  • Apple, Microsoft and Amazon chiefs to meet Biden over critical infrastructure cyber attacks

    Image: President Biden will meet Tim Cook, Satya Nadella, Andy Jassy and other tech chiefs at the White House to talk cybersecurity (Getty Images)

    US President Joe Biden has invited Apple CEO Tim Cook, Microsoft CEO Satya Nadella, and Amazon president and CEO Andy Jassy to the White House to discuss how the private sector can help combat ransomware and software supply chain attacks.

    The forthcoming meeting, reported by Bloomberg, concerns America’s resilience to major cyber attacks on critical infrastructure, which Biden has told Russian president Vladimir Putin should be “off limits”.


    In July, Biden said he believed that if US engaged in a “real shooting war” it would be in response to a major cyber attack. US government agencies and critical infrastructure providers have faced numerous ransomware and espionage attacks during the pandemic, including the SolarWinds software supply chain espionage attack, and ransomware attacks against Colonial Pipeline, Kaseya, and meat packer JBS.

    Cook, Nadella, and Jassy plan to attend the event on the afternoon of Wednesday, July 24, according to Bloomberg sources. Chiefs of Google, IBM, Southern Co, and JPMorgan Chase have also been invited to the meeting to discuss how critical infrastructure organizations in the banking, energy and water utility sectors can improve cybersecurity and collaboration with the government. Microsoft, AWS, Cisco, FireEye and IBM are currently participating in the government-led effort to shore up US critical infrastructure as part of Biden’s May cybersecurity executive order.

    The rise of software supply chain attacks has European cybersecurity teams worried too, because of the difficulties in validating third-party code — be it open-source or proprietary software.

    The SolarWinds attack, which resulted in compromises at Microsoft, multiple top US cybersecurity firms, and several government agencies, highlighted the cybersecurity risks to US critical infrastructure.

    The other threat comes from commonly-used enterprise software, such as Microsoft Exchange Server, which alleged Beijing-backed hackers were exploiting before Microsoft’s patches were available.

  • Get paid to improve Linux and open-source security

    Linux and open-source software are much easier to secure than proprietary software. As open-source co-founder Eric S. Raymond pointed out with Linus’ law: “Given enough eyeballs, all bugs are shallow.” But it requires eyeballs looking for bugs in the first place to make it work. Jim Zemlin, the Linux Foundation (LF)’s executive director, said in the aftermath of the Heartbleed and Shellshock security fiascos: “In these cases, the eyeballs weren’t really looking.” To help remedy this, David A. Wheeler, the LF’s director of Open Source Supply Chain Security, recently revealed the LF or its related foundations and projects directly fund people to do security work. Here’s how it works.

    The funding comes from a variety of pro-Linux and open-source organizations. These include Google, Microsoft, the Open Source Security Foundation (OpenSSF), the LF Public Health foundation, and the LF itself. When a problem is found, a developer reaches out to the appropriate LF organization. Generally speaking, a contract is set up that briefly describes what problem needs to be fixed and how it will be done, the funds required for it, and who will do the work. The proposal is then examined by the appropriate LF technical review point of contact (POC). This POC is often Wheeler himself. Once your project is approved, progress reports are made approximately once a month. These must include:

    • A stable URL of a publicly accessible post (e.g., a blog or archived mailing list post) describing what you did that month.
    • The post must briefly describe what has been accomplished using the funding since the last invoice. Include its date and hyperlinks to details. If git commits were involved, include hyperlinks to them. Make it easy for technical people to learn details (e.g., via hyperlinks).
    • Also briefly describe why this work is important or link to such description(s), for someone who is not intimately familiar with it. Some readers may see your post out of context.
    • Give credit, similar to National Public Radio (e.g., “This work was [partially] funded by the OpenSSF, Google, and The Linux Foundation.”). Thanking others is always polite. We also want people to consider funding OSS security as normal.
    • Publicly provide an identifier (a personal name, pseudonym, or project name) of who’s doing the work. This simplifies referring to the work. You do not need to reveal your personal name(s) publicly, though you’re welcome to do so.

    This is a lightweight process. It shouldn’t take more than 20 minutes to write these reports. You may find it easier to write your post while you do the work. Funded work must be available under the appropriate open-source licenses. For example, bug fixes to Linux must be licensed under the GNU General Public License version 2 (GPLv2).

    The POC will then review the post, and if it seems reasonable, approve the payment. Wheeler explained: “We understand that sometimes problems arise. We just want to see credible efforts. If there’s a serious roadblock, try to suggest ways to overcome it or provide partial/incremental benefits. We need to provide confidence to funders that we aren’t wasting their money.”

    So, what kind of projects are we talking about? Wheeler cites several examples. These include:

    Ariadne Conill, the Alpine Linux security team chair, is improving this important container Linux distro’s security. In particular, Conill has improved its vulnerability processing and made it reproducible. For example, this resulted in Alpine 3.14 being released with the lowest open vulnerability count in a final release in a long time.

    On Git, the vital distributed version control system, David Huseby has been working on modifying git to have a much more flexible cryptographic signing infrastructure. This will make it easier to verify the integrity of software source code.

    It’s not just Linux-related programs that get security help. Theo de Raadt, founder and leader of OpenBSD and OpenSSH, has received funding to secure OpenSSH’s plumbing. OpenSSH is an important suite of networking utilities based on the Secure Shell (ssh) protocol. De Raadt has also been funded to help secure Resource Public Key Infrastructure (RPKI), which protects internet routing protocols from attack.

    Besides fixing known problems, the LF and company are also looking for security troubles we don’t know about yet. That’s being done with security audits via the Open Source Technology Improvement Fund (OSTIF). These projects include two Linux kernel security audits: one for signing and key management policies, and the other for vulnerability reporting and remediation. Subject matter experts produce the audit reports, while Wheeler ensures these reports are clear to non-experts while still being accurate.

    Looking ahead, OpenSSF is also working on improving overall open-source software security. This includes free courses on how to develop secure software and the CII Best Practices badge project. Other projects that improve OSS security include sigstore, which is making cryptographic signatures much easier, and work on improving software bills of materials (SBOMs).

    If you’d like to help pay for this kind of work, the LF wants to hear from you. You can contribute to the OpenSSF by just contacting the organization, or, if you’d rather, you can create a grant directly with the Linux Foundation itself. If you have questions, just email Wheeler at dwheeler@linuxfoundation.org. For smaller amounts, say, to fund a specific project, you can also use the LFX crowdfunding tools to fund or request funding.

    Having trouble with the business side of funding security coding and audits? You’re not alone. As Wheeler said: “Many people and organizations struggle to pay individual open-source software developers because of the need to handle taxes and oversight. If that’s your concern, talk to us. The LF has experience and processes to do all that, letting experts focus on getting the work done.”


    Palo Alto beats Q4 estimates with strength in large customer transactions

    Palo Alto Networks on Monday reported better-than-expected fourth quarter financial results, highlighting “notable strength in large customer transactions.” As many as 18 customers signed 8-figure transactions in Q4, the company said.

    Non-GAAP net income for the fourth quarter was $161.9 million, or $1.60 per diluted share. Fourth quarter revenue grew 28% year-over-year to $1.2 billion. Analysts were expecting earnings of $1.43 per share on revenue of $1.17 billion. For the full fiscal year 2021, revenue grew 25% to $4.3 billion.

    “Our strong Q4 performance was the culmination of executing on our strategy throughout the year, including product innovation, platform integration, business model transformation and investments in our go-to-market organization,” chairman and CEO Nikesh Arora said in a statement. “In particular, we saw notable strength in large customer transactions with strategic commitments across our Strata, Prisma and Cortex platforms.”
    Fourth quarter billings grew 34% year-over-year to $1.9 billion. Fiscal year 2021 billings grew 27% to $5.5 billion.

    Deferred revenue grew 32% year-over-year to $5 billion, while remaining performance obligation (RPO) grew 36% to $5.9 billion. For Q1 2022, Palo Alto expects revenue in the range of $1.19 billion to $1.21 billion. Analysts are expecting revenue of $1.15 billion. For the fiscal year 2022, the company expects revenue in the range of $5.275 billion to $5.325 billion.
