Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat

The US government is urging developers to use memory-safe programming languages to prevent memory-related vulnerabilities that can be exploited by hackers. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recommend using languages like Ada, C#, Delphi/Object Pascal, Go, Java, Python, Ruby, Rust, and Swift, which have built-in protections against memory safety issues. Memory-safe languages can prevent buffer overflows, reduce the risk of manual memory management mistakes, and detect and prevent memory corruption issues. The use of memory-safe languages can also improve the stability, scalability, and reliability of applications, reducing crashes and the need for patches. CISA and the NSA provide suggestions for hardening existing applications written in non-memory safe languages and caution against adopting a memory-safe language without proper due diligence. The agencies outline elements to consider when adopting a memory-safe language, including the need for developer training and tools, integration with existing codebases, and community support. Cybersecurity teams in the US should be on guard against cyber attacks from Iran-backed hackers and hacktivists, according to a warning from the Department of Homeland Security. The agency urges organizations to adopt cybersecurity best practices to boost protection against low-level cyber attacks. A report from NCC Group found that global ransomware attacks dropped in May, but the threat level remains high due to the growing risk from vulnerable AI systems. The Cyber Threat Alliance is warning organizations to start transitioning to quantum-resistant cryptography as soon as possible to prepare for the threat of quantum computing to data security.