Supply Chain Archives - Page 2 of 3 - Cyber Security Minute

Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware

Issued by: Security Week

Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes. As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application…

Malware & Threats

LofyLife: malicious packages in npm repository | Kaspersky official blog

Issued by: Kaspersky Blog

Open-source code is a blessing for the IT industry — it helps programmers save time and build products faster and more efficiently by eliminating the need of writing repetitive common code. To facilitate this knowledge sharing, there are repositories — open platforms where any developer can publish their own packages with their code to speed…

Vulnerabilities

The 3 Critical Elements You Need for Vulnerability Management Today

Issued by: Dark Reading

In a world increasingly dependent on technology, software sprawl is growing. Companies use custom-built software, open source software, and products from third-party providers when building applications. Through this software supply chain, the digital attack surface expands. Each software dependency can also open it up to potential attack as bugs are found in all types of…

Malware & Threats

How to Keep Your Enterprise Safe From Digital Supply Chain Attacks

Issued by: Dark Reading

The digital supply chain is under attack like never before. Listed among the top three security concerns for 2022 by Gartner, digital supply chain security is now top of mind for cybersecurity teams, CISOs, and the entire C-suite. For the first time, digital supply chain attacks are threatening business continuity for large-scale enterprises. Why the…

Malware & Threats

Ransomware Attack Hits Production Facilities of Agricultural Equipment Giant AGCO

Issued by: Security Week

AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under brands such as Challenger, Fendt, Massey Ferguson, and Valtra. On Friday, the company announced that it fell victim to a ransomware attack that impacted some production facilities. AGCO says it has launched an investigation into the incident and estimates that it might…

Vulnerabilities

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

Issued by: Trend Micro Blog

Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable…

Network Security

Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems

Issued by: Trend Micro Blog

If there existed a prize for the most pervasive, critical, and least-known middleware technology, the Data Distribution Service (DDS) standard would certainly win it. When we first presented the results of this research at the Black Hat Europe Briefings, the audience appeared to be completely unaware (embarrassed, even) that the DDS drives railways, autonomous cars,…

Application Security, Software Security

Cyber Insights 2022: Supply Chain

Issued by: Security Week

Mike Sentonas, CTO at CrowdStrike, comments, “Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. We haven’t nearly seen the end of these attacks, and the implications for each one are significant for both the victims and the victims’ customers and partners up and down the chain.”…

Malware & Threats

The Logistics Supply Chain is Being Targeted by Both Cybercriminals and Nation States

Issued by: Security Week

Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks. The Covid-19 pandemic has increased and highlighted the world’s reliance…

Vulnerabilities

CPRA hints at the future of cybersecurity and privacy

Issued by: Help Net Security

One of the most notable ballot propositions impacting the privacy and cybersecurity world during the US 2020 election was the passage of the California Privacy Rights Act (CPRA). Predominantly considered an updated version of 2018’s California Consumer Privacy Act (CCPA), the CPRA incorporates several changes other than the highly touted establishment of the California Privacy…