Security News

Mimecast bins SolarWinds and compromised servers alike in wake of supply chain hack
2021-03-17 18:30

Email security biz Mimecast has dumped SolarWinds' network monitoring tool in favour of Cisco's Netflow product after falling victim to the infamous December supply chain attack. In an incident report detailing its experiences of the SolarWinds compromise, Mimecast said it had "Decommissioned SolarWinds Orion and replaced it with an alternative NetFlow monitoring system".

TIA publishes process-based supply chain security standard for the ICT industry
2021-03-15 23:15

The Telecommunications Industry Association published a new white paper on SCS 9001, the first process-based supply chain security standard for the information communications technology industry. With sophisticated supply chain cyberattacks on the rise, SCS 9001 is on an accelerated schedule to address the urgent need for an ICT-specific standard for global supply chain security.

A new Linux Foundation open source signing tool could make secure software supply chains universal
2021-03-11 15:13

Sigstore could eliminate the headaches associated with current software signing technology through public ledgers. The Linux Foundation, in partnership with Red Hat, Google and Purdue University, has announced a new digital signing project, potentially eliminating many of the headaches that come with securing open source software, files, images and binaries.

Intel to Speak at SecurityWeek Supply Chain Security Summit on March 10th
2021-03-09 14:37

Join Intel on Wednesday, March 10, at SecurityWeek's Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel's experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.

Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit
2021-03-09 01:11

Join Intel on Wednesday, March 10, at SecurityWeek's Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel's experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules
2021-03-07 23:43

If you suddenly realise you want to use Python module called asteroid, for example, you can just do pip install asteroid, after which your own Python programs can say import asteroid, and start making use of the package. A third sort of supply chain attack - one that is rather less sophisticated and has no guarantee of success, yet is extremely easy to pull off - is to create a fake package with a misleading name that users in a hurry might download and install by mistake.

Massive Supply-Chain Cyberattack Breaches Several Airlines
2021-03-05 19:52

Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users. "Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers."

SolarWinds reports $3.5 million in expenses from supply-chain attack
2021-03-02 17:42

SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation. Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.

Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack
2021-02-25 14:37

The agency said it had linked the attack to "One of the hacker spy groups from the Russian Federation." The incident was described as a supply chain attack and compared to the NotPetya attack of 2017 and the recently disclosed SolarWinds incident. Another press release, issued on Monday, said the NCCC had been seeing "Massive DDoS attacks" since February 18.

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
2021-02-25 08:58

Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities," the National Security and Defense Council of Ukraine said in a statement published on Wednesday.