Security News

Dell Technologies on Thursday announced new security offerings designed to address threats targeting the supply chain, a device's boot process, and sensitive data. For supply chain security, Dell unveiled SafeSupply Chain solutions.

Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. The targets? Select executives in sales, procurement, information technology and finance positions at organizations around the world associated with Gavi, The Vaccine Alliance's Cold Chain Equipment Optimization Platform program.

The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victim's PCs. The attacks use stolen digital certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked. In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera.

The North Korea-linked threat actor known as Lazarus has been targeting users in South Korea through a supply chain attack that involves software typically required by government and financial organizations, ESET reported on Monday. Lazarus is the most well known hacker group that is believed to be operating on behalf of the North Korean government, with attacks ranging from espionage to profit-driven operations.

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to avail Internet banking and essential government services.

New research from RiskRecon and the Cyentia Institute pinpointed risk in third-party healthcare supply chain and showed that healthcare's high exposure rate indicates that managing a comparatively small Internet footprint is a big challenge for many organizations in that sector. There is a silver lining: gaining the visibility needed to pinpoint and rectify exposures in the healthcare risk surface is feasible.

Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. The world is made of software, and upwards of 99% of any software you use-open source or proprietary-includes open source components.

Financial institutions have interdependent supply chains that offer a "Broad, target-rich attack surface that adversaries can undermine," a new report from Accenture warns. Supply chains, which introduce increasingly interconnected attack surfaces.

One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Security firm FireEye dubbed that hacking blitz "One of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.