China’s Cyber Offensives Built in Lockstep With Private Firms, Academia

November 22, 2024 at 09:51AM Research reveals that numerous private cybersecurity firms and universities are aiding China in developing offensive cyber capabilities to support military and economic ambitions. This collaboration enhances cyberattacks, particularly against U.S. infrastructure, raising concerns about China’s persistent cyber threats and the complex ecosystem involving state and non-state actors.

African Reliance on Foreign Suppliers Boosts Insecurity Concerns

November 20, 2024 at 03:08AM For five years, the African Union’s headquarters faced espionage, with data uploaded to China-based systems. As reliance on foreign technology increases, African nations aim to enhance local tech capabilities, seeking independence from external influences. The focus is on balancing investment needs with security risks associated with foreign supply chains.

Deepen your knowledge of Linux security

November 18, 2024 at 09:51AM On December 10th at 10am PT/1pm ET, Red Hat will host the State of Linux Security Symposium 2024, offering IT professionals insights on securing Linux environments. Featuring six sessions, topics include security practices, supply chain safeguards, and RHEL benefits. Register now to enhance your Linux security knowledge.

Lessons From OSC&R on Protecting the Software Supply Chain

November 15, 2024 at 09:44AM Today’s software development, combining open source, third-party, and custom code, faces heightened vulnerabilities, as evidenced by notable breaches. A recent report highlights that 95% of organizations encounter serious risks, emphasizing the need for proactive, multilayered security strategies throughout the development life cycle to mitigate these ongoing threats effectively.

Amazon Employee Data Compromised in MOVEit Breach

November 12, 2024 at 05:37PM Amazon confirmed employee data was exposed due to the MOVEit vulnerability, affecting a third-party vendor. While files were accessed, Amazon stated its systems remain secure. The incident highlights supply chain vulnerabilities, impacting over 2,700 organizations. Analysts consider this breach one of the largest corporate information leaks last year.

‘GoIssue’ Cybercrime Tool Targets GitHub Developers En Masse

November 12, 2024 at 12:52PM Researchers identified a tool named GoIssue on a cybercrime forum aimed at GitHub users for bulk credential theft and malicious activities. It automates email harvesting from GitHub profiles for phishing campaigns. Potentially linked to an earlier extortion campaign, it enhances risks for developers, urging vigilance against suspicious communications.

GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains

November 12, 2024 at 09:32AM GoIssue is a new tool enabling cybercriminals to extract email addresses from GitHub profiles for bulk email attacks on users, highlighting vulnerabilities in GitHub’s security for developers and corporate supply chains. The article discusses its implications for online security. **Meeting Takeaways:** 1. **Introduction of GoIssue Tool**: A new tool named …

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

November 6, 2024 at 08:06AM The SANS 2024 report reveals a rise in attacks on industrial control systems, with 74.4% of incidents being non-ransomware related. Key attack vectors include remote services and supply chain compromises. While ransomware incidents are relatively low (12%), their impact on ICS/OT environments remains severe, affecting reliability and safety.

Cyberattackers stole Microlise staff data following DHL, Serco disruption

November 6, 2024 at 07:11AM Microlise reported a network attack that likely did not expose customer data, although limited employee information was compromised. The incident, disclosed on October 31, caused a 16% drop in their share price. The company expects service to return to normal by next week and is investigating further with cybersecurity experts.

Cybersecurity Training Resources Often Limited to Developers

October 30, 2024 at 12:59PM Recent studies reveal that many cybersecurity executives prioritize software security training only for select employees, often neglecting company-wide awareness. Factors like customer satisfaction and financial costs drive their decisions, leading to ineffective training strategies. Effective, tailored training for all employees is essential to mitigate risks and enhance organizational resilience against …