Threat Intelligence Issue 3

Issue 3 of our Threat Intelligence information

This is our third threat intelligence post. Each week, if appropriate, we will aim to share some wider industry news that might impact our clients. We didn’t have one last week because there was nothing of major importance.

This issue covers Ruby and some wider points.

Ruby

A PR into Rails main last week means that the CVE information in the stock bin/bundler-audit will be kept up to date, which makes it more useful and avoids false positives.

Matz has written about the transition of RubyGems stewardship from Ruby Central to the Ruby core team. This will hopefully stabilise some of the discontent in the Ruby community.

Wider / Misc notes

AWS had a major outage, impacting large portions of the internet. The most interesting thing about the outage was the services it impacted that probably shouldn’t have been sending data across to America in the first place. Smaller businesses operating in the UK should probably be using UK or European data centres.

One of the reasons so many places were impacted is that the region that was down, US-EAST-1, is the default region when setting up AWS services.

Actions to consider:

  • Are you using the appropriate regions for your service?
  • Do you have appropriate failovers in place to spread workload around regions?

Just over a week ago the National Cyber Security Centre published an article, "UK experiencing four ‘nationally significant’ cyber attacks every week". There is no immediate action needed, but it does highlight the scale of the issue with operating online.

Developers should audit the plugins in their code editors and take care when adding new ones; there is a self-spreading malware called GlassWorm doing the rounds.

Rapid7’s Patch Tuesday for October contains a list of things worth patching.

About this post

Knowing some of the wider issues within your application’s ecosystem can help you plan for the future and act appropriately.

One of the roles we perform for some of our clients is being that trusted source of knowing some of the wider ecosystem challenges.

For years we have been doing this in various ways: formal quarterly briefings, ad hoc “heads-up” emails, or silently adjusting the roadmap to accommodate wider context changes.

Since most of our clients share common attributes (we mostly do Ruby development, mostly deploy to a couple of vendors, etc.), it makes sense to share this knowledge in one place so that others may benefit from it.

If you’ve found this post useful, but don’t have availability on your team to consider it more, please do get in touch as we might be able to help.

Some disclaimers

This is for general information. Just because we share something doesn’t mean we agree or disagree with it; it just means it is a thing to be aware of.

This post doesn’t claim to be a summary of absolutely everything that has happened. We are human and we will miss things, or forget to write about things we’ve seen.

To our clients

We will never share something here that is specific to one client, and this doesn’t replace whatever we are currently doing for you. And don’t worry, we are compiling this in our personal time!

What is threat intelligence

Threat intelligence is evidence-based knowledge that provides context, indicators, and action-oriented advice on both existing and emerging threats to your systems.

The point of the intelligence is to help businesses make more informed decisions about their roadmap and future plans.
