Black Lotus Labs cybersecurity experts: It propagates through known CVEs and brute forced as well as stolen SSH keys. It is the evolution Kaiji.
The first issue of the military “Ten Commandments of Software” are born in USA, thanks to DIB
In the USA are borning the “Ten Commandments of Software”. The Defense Innovation Board (DIB) unveiled an initial version of the document at a public meeting in Cambridge, Mass, FedScoop reported. “The Department of Defense (DOD) must be able to develop and deploy software as fast or faster than its adversaries are able to change tactics,” the document reads. To catch this goal the DIB prepared 10 suggestions for how DOD should approach and think about software acquisition. Each of them is based on the lesson learned in the software industry and are studied to counter as best enemy cyberwarfare. “These principles are not universal and may not apply in all situations, but they provide a framework for improving the use of software in DOD operations going forward – the report continues . We believe it will provide substantial improvements compared to the current state of practice.”
Which are the Ten Commandments of Software
The Ten BID Commandments of Software for USA DOD are:
1) Make computing, storage, and bandwidth abundant to DOD developers and users.
2) All software procurement programs should start small, be iterative, and build on success‒ or be terminated quickly.
3) Budgets should be constructed to support the full, iterative life-cycle of the software being procured with amount proportional to the criticality and utility of the software.
4) Adopt a DevOps culture for software systems.
5) Automate testing of software to enable critical updates to be deployed in days to weeks, not months or years.
6) Every purpose-built DOD software system should include source code as a deliverable.
7) Every DOD system that includes software should have a local team of DOD software experts who are capable of modifying or extending the software through source code or API access.
8) Only run operating systems that are receiving (and utilizing) regular security updates for newly discovered security vulnerabilities.
9) Data should always be encrypted unless it is part of an active computation.
10) All data generated by DOD systems – in development and deployment – should be stored, mined, and made available for machine learning.