Security News
As a result, there are real consequences including loss of revenue, loss of productivity, and loss of reputation - all of which can jeopardize resiliency and are amplified given today's supply chain concerns related to COVID-19. "Organizations are starting to ask the question about what happens to them if their supply chain partners go out of business. Sadly, most companies don't have the risk visibility into their supply chains to answer that question," stated Brenda Ferraro, VP of third-party risk at Prevalent.
During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies.
Product: Trend Micro Maximum Security 2019 and 2020
What can happen: DLL Search-Order Hijacking Signed Execution Whitelisting Bypass
Underlying flaws: Uncontrolled search path, no digital certificate validation against the binary.
Cybersecurity incidents are also a grave problem for companies across global supply chains as more enterprises adopt digitized management systems. A new report from supply chain company Resilience360 goes into detail about the cyberthreats facing supply chains in 2020 and the bevy of incidents that occurred throughout 2019.
How can the use of "Smart contracts" based on distributed ledger technology help improve the overall security picture for evolving healthcare sector supply chains? Mitch Parker, CISO of Indiana University Health, explains. "Smart contracts are pieces of executable code that can run as part of a distributed ledger technology system, and they're relevant to healthcare supply chain because a lot of the [newer] enterprise planning resource systems we're putting in actually support those as a way of doing data interchange," says Parker in an interview with Information Security Media Group.
Buchman said tech supply chains are particularly vulnerable to air cargo changes, and because many airlines have canceled flights around the world, this will create a down-chain gap that will become more apparent as manufacturing speeds up. The supply chain management company Anvyl has employees in China and said that his entire team has been quarantined twice.
As a result, companies are not always sure who they are dealing with and the amount of opacity within the supply chain has increased, Conway says. These developments, Conway says, are one reason why the dialogue around supply chain security should be changing and why different approaches are needed.
The U.S. is late to the 5G race. There are multiple strategies that policymakers can pursue to facilitate the near-term rollout of safer and more trusted 5G networks across the country, says Michael Chertoff, executive chairman of The Chertoff Group and former secretary of the Department of Homeland Security.
Three of the world's largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack. TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV. Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign.
There is no evidence of backdoors in the Huawei equipment; the incident has not damaged relations between the African Union and China; and Huawei has stated, "These data leaks did not originate in technology supplied by Huawei to the AU. What Huawei supplied for the AU project included data center facilities, but those facilities did not have any storage or data transfer functions." In his supply chain whitepaper, provided exclusively to SecurityWeek ahead of public release, Tony Scott concludes that there is one essential element missing from all current supply chain solutions: independent product testing. Huawei's Purdy endorses that conclusion.
Purchase, NY-based Mastercard announced that it has agreed to acquire Salt Lake City, UT-based RiskRecon, an online security monitoring company that focuses on third-party risk management. Terms...