Cyberattack Disrupts Microchip Technology Manufacturing Facilities

August 21, 2024 at 05:18AM US semiconductor supplier Microchip Technology disclosed a cyberattack impacting its manufacturing facilities. The company detected suspicious activity on its IT systems on August 17, affecting some operations. It isolated affected systems, called in cybersecurity advisors, and is working to restore normal business operations. It’s unclear whether the attack will have … Read more

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

August 11, 2024 at 06:27AM Researchers found a malicious package on PyPI that poses as a Solana blockchain library to steal user secrets. The fraudulent “solana-py” package was downloaded 1,122 times before being removed. It mimicked the legitimate “solana” package and harvested wallet keys. The attack highlights supply chain risks and the abuse of legitimate … Read more

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models 

July 26, 2024 at 05:51AM Binarly has identified a security vulnerability named “PKfail,” centered around an exposed American Megatrends International Platform Key (PK), utilized as a Secure Boot private key. This flaw, found in hundreds of computer models from various manufacturers, allows attackers to sign and execute malicious code during the device’s boot process, potentially … Read more

PKfail Secure Boot bypass lets attackers install UEFI malware

July 25, 2024 at 05:45PM UEFI products from 10 vendors are vulnerable to compromise due to a critical firmware supply-chain issue called PKfail, allowing attackers to bypass Secure Boot and install malware. The affected devices use a test Secure Boot master key from American Megatrends International, which often remains untrusted by OEMs. Vendors are advised … Read more

DHS Inspector General: Coast Guard Shortcomings Hinder US Maritime Security

July 19, 2024 at 10:35AM The Coast Guard struggles to secure the US maritime supply chain due to inadequate staffing, training, authority, and cyber expertise. A new report highlights the industry’s reluctance to seek cybersecurity support, blaming the Coast Guard for not fully addressing potential cybersecurity threats. While the Coast Guard has the authority to … Read more

MxD Research Reveals Major Disconnect Between Perceived and Actual Cybersecurity Capabilities in US Manufacturing

July 17, 2024 at 04:55PM The report from MxD and the National Center for Cybersecurity in Manufacturing highlights the urgent need for the U.S. manufacturing sector to enhance its cybersecurity posture. It reveals that manufacturers are overestimating their capabilities and identifies key areas where additional resources can strengthen cybersecurity infrastructure. The report also emphasizes the … Read more

Top 5 Mistakes Businesses Make When Implementing Zero Trust

July 17, 2024 at 04:40PM The press release highlights the growing trend of organizations adopting Zero Trust architectures in response to evolving cybersecurity threats. It emphasizes the challenges and common mistakes organizations face when implementing these strategies, such as overlooking organizational culture, underestimating human risk, neglecting the supply chain, failing to plan for sustainable success, … Read more

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

July 11, 2024 at 11:49AM Threat actors have launched a new wave of malicious packages on the NuGet package manager, using a sophisticated approach to evade detection. The 60 fresh packages demonstrate a refined strategy, employing IL weaving to inject malicious functionality into legitimate .NET binaries. The end goal is to deliver a remote access … Read more

Saviynt Expands Capabilities With EY Alliance, Elevating Approach to External User Management With its Identity Cloud

July 10, 2024 at 05:17PM Saviynt announced a collaboration with EY to manage third-party identities and simplify external staff administration. The joint effort will enable improved on-boarding, administration, and risk management for external workforce and suppliers. Saviynt’s Identity Cloud platform will help address challenges in managing external identities, providing a more streamlined and secure process. … Read more

Polyfill Supply Chain Attack Hits Over 100k Websites 

June 26, 2024 at 07:07AM Over 100,000 websites have been targeted by a supply chain attack injecting malware through a Polyfill domain, as reported by SecurityWeek. Based on the meeting notes, it appears that a supply chain attack involving the injection of malware through a Polyfill domain has impacted over 100,000 websites. This information was … Read more