As Microsoft continues to move forward with its embrace of Rust, it has posted Rust crates to GitHub, enabling developers to write Windows drivers in the memory-safe language.

There are many reasons to appreciate Rust. Aside from its popularity with developers, it has strong safeguards against memory safety bugs, which have comprised around 70% of fixed, CVE-listed Windows vulnerabilities since 2006. Earlier this year, Microsoft Director of OS Security for Windows David “Dwizzzle” Weston announced at BlueHat IL that the company would begin converting some “core Windows libraries” from C++ to Rust, and had already done so with 36,000 lines of the Windows kernel.

Mark Russinovich, chief technical officer of Microsoft Azure, tweeted a link to the GitHub repository on Sept. 23 with the caption “working towards enabling Windows driver development in Rust.” DevClass reported that the initial release focuses on support for the Windows Driver Kit (WDK), and is intended to work with Windows Driver Model (WDM) and Windows Driver Framework (WFK) drivers.

“This project is still in early stages of development and is not yet recommended for commercial use,” a note on the GitHub repository caution.

One hot topic of discussion among developers who have looked at the release, DevClass reported, is structured exception handling—Rust lacks exceptions. Instead, it reports recoverable errors and quits via panic failure when encountering irrecoverable ones. The latter behavior is undesirable for kernel code, because it causes a full system crash.

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

Your IT equipment prefers chill vibes. But with large facilities (and more record-busting summer heat waves in the future ), cooling an entire server room isn’t always an option.

Learn how to spot-cool your racks instead with Eaton’s Rack Cooling Buying Guide. Supplemental or spot cooling (aka cooling a few server racks at a time with focused air-conditioning units) helps keep your servers cool without breaking the bank.

The guide explores everything you need to know about cooling down without the downtime, including:

• how to choose between primary and supplemental cooling
• when to self-install (and when to call a pro)
• how to monitor stack temps remotely

Get the full guide.

New research from security company NCC Group indicates that the rise in ransomware attacks this year didn’t slow down for summer. There were 502 attacks in July, up 154% from the previous year, according to research the group published Aug. 22.

Even without the spike in MOVEit attacks by hacking gang Cl0p, which perpetrated 171 of the attacks in July, the total was still up 53% year over year, according to NCC researcher Matt Hull.

“It’s highly inflated numbers, but it doesn’t change that general trend across the board for the year,” Hull told IT Brew.

The MOVEit vulnerability was patched in mid-June, but Hull assumes adoption likely lagged. He told IT Brew in a follow-up email that while attacks in August were twice as high as in August 2022, they were “much lower than July.”

Findings, by the numbers:

• The industrial sector continues to be hardest hit by ransomware threat actors, accounting for 155, or 31%, of the attacks in July
• Consumer cyclicals, most notably the hotel and entertainment industries, media, and retail, accounted for 79, or 16%, of the attacks
• Technology, primarily software and IT, was the target of 72, or 14%, of the attacks
• Threat actors overwhelmingly targeted North America in July, with 55% of the attacks
• Cl0p led July with 34% of July’s attacks; LockBit 3.0 attacks declined 17% month over month and represented 10% of attacks in July

The ruckus. As IT Brew previously reported, there was a slight lull in ransomware incidents in 2022, due in part to the war in Ukraine.

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

When many employees see something, they don’t say something, according to a recent study on cybersecurity incident reporting.

Nearly one-half of surveyed IT and security personnel “were aware of a cybersecurity attack that their organization did not report to the appropriate external authorities,” Keeper Security said in a statement last week.

The survey of 400 North American and European tech professionals also indicated that employees don’t report 41% of known cyber incidents to an organization’s management.

This doesn’t mean employees are unaware of the risks of keeping quiet—or of their responsibility to speak up. Three-fourths of respondents who didn’t report a breach said they felt “guilty” about not doing so.

Several factors might discourage an employee from reporting an incident, Keeper’s results suggested. For example, 43% of respondents cited a fear of potential consequences, 36% assumed a report was unnecessary, and 32% simply forgot to take action.

According to Keeper, the results point to the need for a cultural shift around cyber reporting—including reassuring personnel they won’t get in trouble for speaking up.

Keep reading here.—KG

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Today’s top IT reads.

Stat: 78%. That’s the percentage of executives who said the benefits of AI outweigh the risks in a new Gartner poll. (CIO Dive)

Quote: “This shows current approaches taken by Google and other tech giants to watermark the output of their generative images as a defense is not going to work.”—Soheil Feizi, associate professor of computer science at the University of Maryland, on new research showing digital watermarks aren’t a reliable way of flagging AI-generated content (The Register)

Read: Behind the scenes of today’s nationwide test of the Wireless Emergency Alert system. (CBS News)

Paying a premium…for your premium? You’re not alone. Cyber liability insurance costs have skyrocketed over the last 3 years. Learn what’s driving the rise in cost (and how you can reduce it) in Kolide’s article. Read it here.*

^{*A message from our sponsor.}

The most elusive threats often emerge not from complex code but from manipulating human behavior. Social engineering taps into human psychology, making it a potent tool in a hacker’s arsenal. As cyberattack techniques evolve, understanding how these attacks work and how to combat them becomes paramount.

Discover the power of social engineering in the world of hacking. Learn why it’s crucial to understand and combat these threats in this IT Brew resource. Check it out.