Security News
Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the requirement that internet users in the country install additional security software in order to use Internet banking and essential government services.
New research from RiskRecon and the Cyentia Institute pinpointed risk in the third-party healthcare supply chain and showed that healthcare's high exposure rate indicates that managing a comparatively small Internet footprint is a big challenge for many organizations in that sector. There is a silver lining: gaining the visibility needed to pinpoint and rectify exposures in the healthcare risk surface is feasible.
Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. The world is made of software, and upwards of 99% of any software you use, open source or proprietary, includes open source components.
Financial institutions have interdependent supply chains that offer a "broad, target-rich attack surface that adversaries can undermine," a new report from Accenture warns. Supply chains, which introduce increasingly interconnected attack surfaces.
One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Security firm FireEye dubbed that hacking blitz "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."
The Atlantic Council has released a report that looks at the history of computer supply chain attacks. Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain, including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.
Together with Nate Kim and Trey Herr, I have written a paper on IoT supply chain security. The basic problem we try to solve is: How do you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company that's selling the stuff to consumers.
Hackers are targeting German companies tasked with replenishing the nation's supply of personal protective equipment. The X-Force team believes that the corporation is being targeted specifically because of its status within the task force, and the phishing campaign is part of a larger effort by an unknown hacking crew to disrupt the PPE supply chain in Germany.
As global organizations continue to commit significant financial and human capital towards ESG goals, Kountable launches ESG Execution Services & Solutions for CEOs and Chairmen who have mandated their corporations to source responsibly, minimize their footprint and meet ESG standards globally. Kountable's ESG Execution practice has been under development for over 24 months and represents a sustained, purpose-led capital commitment to technology, best practices, consulting and methodologies to serve its ESG impact fund customers and SDG-centered asset management partners.
Japan-based systems integrator NTT Communications has disclosed a recent data breach that it said impacted hundreds of customers. NTT Communications did not clarify what kind of data may have been accessed, nor did it mention how attackers were able to move laterally on the network.