Security News

Securing the International IoT Supply Chain
2020-07-01 14:31

Together with Nate Kim and Trey Herr, I have written a paper on IoT supply chain security. The basic problem we try to solve is: How do you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company that's selling the stuff to consumers.

Why would someone want to hack Germany's PPE supply chain? We're glad you masked
2020-06-08 10:00

Hackers are targeting German companies tasked with replenishing the nation's supply of personal protective equipment. The X-Force team believes that the corporation is being targeted specifically because of its status within the task force, and the phishing campaign is part of a larger effort by an unknown hacking crew to disrupt the PPE supply chain in Germany.

Kountable ESG Execution: Ensuring supply chains and distribution networks align with ESG principles
2020-06-08 02:00

As global organizations continue to commit significant financial and human capital towards ESG goals, Kountable launches ESG Execution Services & Solutions for CEOs and Chairmen who have mandated their corporations to source responsibly, minimize their footprint and meet ESG standards globally. Kountable's ESG Execution practice has been under development for over 24 months and represents a sustained, purpose-led capital commitment to technology, best practices, consulting and methodologies to serve its ESG impact fund customers and SDG-centered asset management partners.

NTT Communications Data Breach Affects Customers, Threatens Supply Chain
2020-05-29 16:45

Japan-based systems integrator NTT Communications has disclosed a recent data breach that it said impacted hundreds of customers. NTT Communications did not clarify what kind of data may have been accessed, nor did it mention how attackers were able to move laterally on the network.

NetBeans Projects on GitHub Targeted in Apparent Supply Chain Attack
2020-05-29 14:07

GitHub revealed on Thursday that tens of open source NetBeans projects hosted on its platform were targeted by a piece of malware as part of what appears to be a supply chain attack. GitHub learned about the malware, which has been named Octopus Scanner, on March 9 from a security researcher who noticed that several repositories hosted on GitHub had been serving malware, likely without their owners' knowledge.

Abnormal Security launches VendorBase to help orgs reduce supply chain cybersecurity risk
2020-05-22 02:30

This unprecedented access gives organizations the ability to see detailed views of all vendors, including profile information, the VendorBase risk assessment score, explanations on risk scores, a timeline view of relevant email communication and security activity for that vendor. "Before VendorBase, organizations lacked clear visibility of the BEC risk from their supply chains. This new capability greatly mitigates this risk and makes it much easier for organizations to directly remediate and investigate BEC attacks from compromised vendors."

Pandemic-related Supply Chain and Money Laundering Woes in the Dark Web
2020-05-20 17:22

Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. Researchers from Trustwave have found that the underground mirrors the overground - some people seek to make money from the crisis, others ignore it, and still others offer genuine help, information and advice to forum members.

Cybersecurity Threats to the Food Supply Chain
2020-05-12 15:32

"Technology adoption has skyrocketed in virtually every segment of our agriculture sector including food production, processing, and distribution," comments Parham Eftekhari, founder and chairman of the Institute for Critical Infrastructure Technology, "And experts predict this trend to continue with robotics and self-driving freight carriers paving the way for an autonomous future. This creates significant opportunity for disruption to our supply chain and food safety concerns." He continued, "Today, we are already hearing stories of processing plants shutting down and the potential of food shortages. What if manufacturing and storage facilities of perishable food products have their cooling systems hacked during a time of a national food shortage? It would only take a handful of high-profile attacks to create panic among citizens that could lead to a rush on grocery stores and threaten an already fragile food supply."

At UPS, big data is redefining the supply chain
2020-05-11 19:44

Billions of data points are gathered throughout the UPS network every week. Find out how the information collected is revolutionizing the logistics giant.

Trove of RubyGems malware highlights software supply chain issues
2020-04-23 13:54

Rather than reinventing the wheel by writing their own code to handle common tasks, developers write it once as a software package and upload it to repositories. These repositories contain thousands of packages for developers to download. The upside is that it accelerates software development.