Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label supply chain security. Show all posts
supply chain security
Access control Adversarial attacks agentic AI AI Algorithmic security Data Safety identity management Privacy supply chain security

AI Agents and the Rise of the One-Person Unicorn

 


Building a unicorn has been synonymous for decades with the use of a large team of highly skilled professionals, years of trial and error, and significant investments in venture capital. That is the path to building a unicorn, which has a value of over a billion dollars. Today, however, there is a fundamental shift in the established model in which people live. As AI agentic systems develop rapidly, shaped in part by OpenAI's vision of autonomous digital agents, one founder will now be able to accomplish what once required an entire team of workers.

It is evident in today's emerging landscape that the concept of "one-person unicorn" is no longer just an abstract concept, but rather a real possibility, as artificial intelligence agents expand their role beyond mere assistants, becoming transformative partners that push the boundaries of individual entrepreneurship. In spite of the fact that artificial intelligence has long been part of enterprise strategies for a long time, Agentic Artificial Intelligence marks the beginning of a significant shift. 

Aside from conventional systems, which primarily analyse data and provide recommendations, these autonomous agents can act independently to make strategic decisions and directly affect the outcome of their business decisions without needing any human intervention at all. This shift is not merely theoretical—it is already reshaping organisational practices on a large scale.

It has been revealed that the extent to which generative AI is being adopted is based on a recent survey conducted among 1,000 IT decision makers in the United States, the United Kingdom, Germany, and Australia. Ninety per cent of the survey respondents indicated that their companies have incorporated generative AI into their IT strategies, and half have already implemented AI agents. 

A further 32 per cent are preparing to follow suit shortly, according to the survey. In this new era of artificial intelligence, defining itself no longer by passive analytics or predictive modelling, but by autonomous agents capable of grasping objectives, evaluating choices, and executing tasks without the need for human intervention, people are seeing a new phase of AI emerge. 

With the advent of artificial intelligence, agents are no longer limited to providing assistance; they are now capable of orchestrating complex workflows across fragmented systems, adapting constantly to changing environments, and maximising outcomes on a real-time basis. With this development, there is more to it than just automation. It represents a shift from static digitisation to dynamic, context-aware execution, effectively transforming judgment into a digital function. 

Leading companies are increasingly comparing the impact of this transformation with the Internet's, but there is a possibility that the reach of this transformation may be even greater. Whereas the internet revolutionised external information flows, artificial intelligence is transforming internal operations and decision-making ecosystems. 

As a result of such advances, healthcare diagnostics are guided and predictive interventions are enabled; manufacturing is creating self-optimized production systems; and legal and compliance are simulating scenarios in order to reduce risk and accelerate decisions in order to reduce risk. This advancement is more than just boosting productivity – it has the potential to lay the foundations of new business models that are based on embedded, distributed intelligence. 

According to Google CEO Sundar Pichai, artificial intelligence is poised to affect “every sector, every industry, every aspect of our lives,” making the case that the technology is a defining force of our era, a reminder of the technological advances of this era. Agentic AI is characterised by its ability to detect subtle patterns of behaviour and interactions between services that are often difficult for humans to observe. This capability has already been demonstrated in platforms such as Salesforce's Interaction Explorer, which allows AI agents to detect repeated customer frustrations or ineffective policy responses and propose corrective actions, resulting in the creation of these platforms. 

Therefore, these systems become strategic advisors, which are capable of identifying risks, flagging opportunities, and making real-time recommendations to improve operations, rather than simply being back-office tools. Combined with the ability to coordinate between agents, the technology can go even further, allowing for automatic cross-functional enhanced functionality that speeds up business processes and efficiency. 

As part of this movement, leading companies like Salesforce, Google, and Accenture are combining complementary strengths to provide a variety of artificial intelligence-driven solutions ranging from multilingual customer support to predictive issue resolution to intelligent automation, integrating Salesforce's CRM ecosystem with Google Cloud's Gemini models and Accenture's sector-specific expertise. 

Moreover, with the availability of such tools, innovation is no longer confined to engineers alone; subject matter experts across a wide range of industries can now drive adoption and shape the next wave of enterprise transformation, since they have the means to do so. In order to be competitive, an organisation must not simply rely on pre-built templates. 

Instead, it must be able to customise its Agentic AI system according to its unique identity and needs. As a result of the use of natural language prompts, requirement documents, and workflow diagrams, businesses can tailor agent behaviours without having to rely on long development cycles, large budgets, or a lot of technical expertise. 

In the age of no-code and natural language interfaces, the ability to customise agents is shifting from developers to business users, ensuring that agents reflect the company's distinctive values, brand voice, and philosophy, moving the power of customisation from developers to business users. Moreover, advances in multimodality are allowing AI to be used in new ways beyond text, including voice, images, videos, and sensors. Through this evolution, agents will be able to interpret customer intent more deeply, providing them with more personalised and contextually relevant assistance based on customer intent. 

In addition, customers are now able to upload photos of defective products rather than type lengthy descriptions, or receive support via short videos rather than pages of text if they have a problem with a product. A crucial aspect of these agents is that they retain memories across their interactions, so they can constantly adapt to individual behaviours, making digital engagement less transactional and more like an ongoing, human-centred conversation, rather than a transaction. 

There are many implications beyond operational efficiency and cost reduction that are being brought about by Agentic AI. As a result of this transformation, a radical redefining of work, value creation, and even entrepreneurship itself is becoming apparent. With the capability of these systems enabling companies as well as individuals to utilise distributed intelligence, they are redefining the boundaries between human and machine collaboration, and they are not just reshaping workflows—they are redefining the boundaries of human and machine collaboration. 

A future in which scale and impact are no longer determined by headcount, but rather by the sophisticated capabilities of digital agents working alongside a single visionary, is what people are seeing in the one-person unicorn. While this transformation is bringing about societal changes, it also raises a number of concerns. The increasing delegating of decision-making tasks to autonomous agents raises questions about accountability, ethics, job displacement, and systemic risks. 

In this time and age, regulators, policymakers, and industry leaders must establish guardrails that ensure that the benefits of artificial intelligence do not further deepen inequalities or erode trust by balancing innovation with responsibility. The challenge for companies lies in deploying these tools not only in a fast and efficient manner, but also by their values, branding, and social responsibilities. It is not just the technical advance of autonomous agents that makes this moment historic, but also the cultural and economic pivot they signal that makes it so. 

Likewise to the internet, which democratized access to information in the past, artificial intelligence agents are poised to democratize access to judgment, strategy, and execution, which were traditionally restricted to larger organisations. Using it, enterprises can achieve new levels of agility and competitiveness, while individuals can achieve a greater amount of what they can accomplish. Agentic intelligence is not just an incremental upgrade to existing systems, but an entire shift that determines how the digital economy will function in the future, a shift which will define the next chapter in the history of our society.
Read more »
supply chain security
Bank Data Data Breach Data Leak data security fake ads Fidelity Personal Data Phishing Attack Phishing Camapign supply chain security

General Dynamics Confirms Data Breach Via Phishing Campaign

 


In October 2024, General Dynamics (GD), a prominent name in aerospace and defense, confirmed a data breach impacting employee benefits accounts. The breach, detected on October 10, affected 37 individuals, including two residents of Maine. Attackers accessed sensitive personal data and bank details, with some accounts experiencing unauthorized changes.

The incident originated from a phishing campaign targeting a third-party login portal for Fidelity’s NetBenefits Employee Self Service system. Through a fraudulent ad campaign, attackers redirected employees to a spoofed login page resembling the legitimate portal. Employees who entered their credentials inadvertently provided access to their accounts. The compromised data included:

  • Personal Information: Names, birthdates, and Social Security numbers.
  • Government IDs: Details of government-issued identification.
  • Banking Details: Account numbers and direct deposit information.
  • Health Information: Disability status of some employees.

In some cases, attackers altered direct deposit information in affected accounts. The breach began on October 1, 2024, but was only discovered by General Dynamics on October 10. Once identified, access to the compromised portal was suspended, and affected employees were promptly notified. Written instructions were sent to reset credentials and secure accounts. Forensic experts were engaged to assess the breach, determine its scope, and address vulnerabilities.

Company’s Response and Support

General Dynamics emphasized that the breach was isolated to the third-party login portal and did not compromise its internal systems. In a report to the Maine Attorney General’s Office, the company stated, “Available evidence indicates that the unauthorized access occurred through the third party and not directly through any GD business units.”

To assist affected individuals, General Dynamics is offering two years of free credit monitoring services. Impacted employees were advised to:

  • Reset login credentials and avoid reusing old passwords.
  • Monitor bank and benefits accounts for suspicious activity.
  • Follow provided guidelines to safeguard personal information.

For additional support, the company provided resources and contacts to address employee concerns.

Previous Cybersecurity Incidents

This is not the first cybersecurity challenge faced by General Dynamics. In June 2024, its Spanish subsidiary, Santa Barbara Systems, was targeted by a pro-Russian hacker group in a distributed denial-of-service (DDoS) attack. While the incident caused temporary website disruption, no sensitive data was compromised.

Earlier, in March 2020, a ransomware attack on Visser Precision, a General Dynamics subcontractor, exposed sensitive data through the DoppelPaymer ransomware group. Although General Dynamics’ internal systems were not directly impacted, the incident highlighted vulnerabilities in supply chain cybersecurity.

These recurring incidents highlight the persistent threats faced by defense companies and underscore the critical need for robust cybersecurity measures to protect sensitive data. General Dynamics’ swift response and ongoing vigilance demonstrate its commitment to addressing cybersecurity challenges and safeguarding its employees and systems.

Read more »
supply chain security
Cyber Attacks Ransomware attack Ransomwares Software Providers Supply Chain supply chain attacks supply chain security

Ransomware Attack on Blue Yonder Disrupts Global Supply Chains

 

Blue Yonder, a leading supply chain software provider, recently experienced a ransomware attack that disrupted its private cloud services. The incident, which occurred on November 21, 2024, has affected operations for several high-profile clients, including major grocery chains in the UK and Fortune 500 companies. While the company’s Azure public cloud services remained unaffected, the breach significantly impacted its managed services environment. The attack led to immediate operational challenges for key customers. UK supermarket chains Morrisons and Sainsbury’s were among the most affected. 

Morrisons, which operates nearly 500 stores, reported delays in the flow of goods due to the outage. The retailer activated backup systems but acknowledged that its operations were still disrupted. Sainsbury’s similarly implemented contingency plans to address the situation and minimize the impact on its supply chain. In the United States, Blue Yonder serves prominent grocery retailers such as Kroger and Albertsons, though these companies have not confirmed whether their systems were directly affected. 

Other notable clients, including Procter & Gamble and Anheuser-Busch, also declined to comment on any disruptions they might have faced as a result of the attack. In response to the breach, Blue Yonder has enlisted the help of external cybersecurity firms to investigate the incident and implement stronger defenses. The company has initiated forensic protocols to safeguard its systems and prevent further breaches. While recovery efforts are reportedly making steady progress, Blue Yonder has not provided a timeline for full restoration. The company continues to emphasize its commitment to transparency and security as it works to resolve the issue. 

This attack highlights the growing risks faced by supply chain companies in an era of increasing cyber threats. Disruptions like these can have widespread consequences, affecting both businesses and consumers. A recent survey revealed that 62% of organizations experienced ransomware attacks originating from software supply chain vulnerabilities within the past year. Such findings underscore the critical importance of implementing robust cybersecurity measures to protect against similar incidents. 

As Blue Yonder continues its recovery efforts, the incident serves as a reminder of the potential vulnerabilities in supply chain operations. For affected businesses, the focus remains on mitigating disruptions and ensuring continuity, while industry stakeholders are left grappling with the broader implications of this growing threat.
Read more »
WinRAR
Aerospace APT29 CVE vulnerability Data Breach Foreign policy Russia-Ukraine War Russian Hacker Software Bug supply chain security Ukraine WinRAR

APT29 Strikes: WinRAR Exploits in Embassy Cyber Attacks

During the latest wave of cyberattacks, foreign embassies have been the target of a malicious group known as APT29. They have employed a highly complex attack method that takes advantage of weaknesses in WinRAR, a widely used file compression software. There have been shockwaves throughout the cybersecurity world due to this worrisome disclosure, leading to immediate action to strengthen digital defenses.

According to reports from cybersecurity experts, APT29 has ingeniously employed the NGROK feature in conjunction with a WinRAR exploit to infiltrate embassy networks. The NGROK service, designed for secure tunneling to localhost, has been repurposed by hackers to conceal their malicious activities, making detection and attribution a formidable challenge.

WinRAR, a widely used application for compressing and decompressing files, has been targeted due to a specific vulnerability, identified as CVE-2023-38831. This flaw allows the attackers to execute arbitrary code on the targeted systems, giving them unfettered access to sensitive information stored within embassy networks.

The attacks, initially discovered by cybersecurity researchers, have been corroborated by the Ukrainian National Security and Defense Council (RNBO). Their November report outlines the APT29 campaigns, shedding light on the extent of the damage inflicted by these cyber intruders.

The fact that foreign embassies are specifically being targeted by this onslaught is very disturbing. Because these organizations handle so much private, political, and diplomatic data, they are often the focus of state-sponsored cyber espionage. The attackers' capacity to take advantage of flaws in popular software, such as WinRAR, emphasizes the necessity of constant watchfulness and timely software updates to reduce any threats.

Cybersecurity professionals advise companies, particularly those in delicate industries like diplomacy, to conduct extensive security assessments, quickly fix holes, and strengthen their defenses against ever-evolving cyber attacks in reaction to these disclosures. The APT29 attacks highlight the significance of a multi-pronged cybersecurity strategy that incorporates advanced threat detection methods, personnel awareness training, and strong software security procedures.

International cybersecurity organizations must work together as governments struggle with the ever-changing world of cyber threats. The APT29 attacks are a sobering reminder that the digital sphere has turned into a combat zone and that, in order to preserve diplomatic relations and maintain national interests, defense against such threats necessitates a united front.

Read more »
Yahoo
Cyber Defence Cyber Security Digital World Geopolitical Protocols Russian Security Framework supply chain security Ukraine Yahoo

Russian Hackers Target Ukraine's Fighter Jet Supplier

 

A cyberattack on a Ukrainian fighter aircraft supplier has been reported, raising concerns about whether cybersecurity risks in the region are increasing. The incident—attributed to Russian hackers—highlights the need to have robust cyber defense strategies in a world where everything is connected.

According to a recent article in The Telegraph,  the cyber attack targeted Ukraine's key supplier for fighter jets. The attackers, suspected to have ties to Russian cyber espionage, aimed to compromise sensitive information related to defense capabilities. Such incidents have far-reaching consequences, as they not only threaten national security but also highlight the vulnerability of critical infrastructure to sophisticated cyber threats.

Yahoo News further reports that Ukrainian cyber defense officials are actively responding to the attack, emphasizing the need for a proactive and resilient cybersecurity framework. The involvement of top Ukrainian cyber defense officials indicates the gravity of the situation and the concerted efforts being made to mitigate potential damage. Cybersecurity has become a top priority for nations globally, with the constant evolution of cyber threats necessitating swift and effective countermeasures.

The attack on the fighter jet supplier raises questions about the motivations behind such cyber intrusions. In the context of geopolitical tensions, cyber warfare has become a tool for state-sponsored actors to exert influence and gather intelligence. The incident reinforces the need for nations to bolster their cyber defenses and collaborate on international efforts to combat cyber threats.

As technology continues to advance, the interconnectedness of critical systems poses a challenge for governments and organizations worldwide. The Telegraph's report highlights the urgency for nations to invest in cybersecurity infrastructure, adopt best practices, and foster international cooperation to tackle the escalating threat landscape.

The cyberattack on the supplier of fighter jets to Ukraine is an alarming indicator of how constantly changing the dangers to global security are. For countries to survive in the increasingly digital world, bolstering cybersecurity protocols is critical. The event emphasizes the necessity of a proactive approach to cybersecurity, where cooperation and information exchange are essential components in preventing cyberattacks by state-sponsored actors.
Read more »
Technology
OSC&R OX Security supply chain security Technology

Cybersecurity Leaders Launch OSC&R, An Open Framework for Analyzing Threats


OX Security launches OSC&R

OX security, the first end-to-end software supply chain security solution, recently announced the launch of OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for evaluating and understanding current threats to entire supply chain security.

Talks with hundreds of industry leaders disclosed an urgent need for a MITRE-like framework that would let experts better understand and evaluate supply chain risk, a process that to date was only based on experience and intuition. OSC&R is built to give a common language and structure for analyzing and understanding TTPs- tactics, techniques, and procedures used by threat actors to disrupt the security of software supply chains. 

Dark Reading reports, "The founding consortium of cybersecurity leaders behind OSC&R include David Cross, former Microsoft, and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies."

How does OX Security work?

OSC&R is now ready for use by security teams to analyze existing defenses and define which threats need to be addressed first, how existing coverage deals with these threats, and also to help in behavior tracking of threat actor groups. 

Hiroki Suezawa, Senior Security Engineer at Gitlab said "OSC&R helps security teams build their security strategy with confidence. We wanted to give the security community a single point of reference to proactively assess their own strategies for securing their software supply chains and to compare solutions,"

The OSC&R framework in OX Security

The OSC&R framework will update as new techniques and strategies will evolve and emerge. It will also help red-teaming activities by setting the scope needed for a red team or pentest exercise, serving as a scorecard. The framework will also be open for other cybersecurity experts and leaders who can offer help to OSC&R. 

"Trying to talk about supply chain security without a common understanding of what constitutes the software supply chain isn't productive. Without an agreed-upon definition of the software supply chain, security strategies are often siloed," said Neatsun Ziv, who also worked as Check Point's VP of Cyber Security before founding OX. 

About OX Security

OX Security believes that security must be at the core of the software development process, not an afterthought. It stops attacks across your software supply chain. Automatically block risks introduced into the pipeline and ensure the integrity of each workload, all from a single location. 

It provides complete visibility and end-to-end traceability over your software pipeline security from cloud to code. OX security also helps you manage your findings, orchestrate DevSecOps activities, prevent risks, and maintain software pipeline integrity from a single location.







Read more »
Third Party Vendors
Cyber Security Supply Chain supply chain attacks supply chain security Third Party Vendors

What Choices Ought to Influence the Supply Chain in 2023?

 

Due to the increase in cybercrime, many businesses are infected by viruses and malware that are distributed to them by vendors and business partners. 

There has not been a definite plan of action that addresses this as of yet. However, new third-party risk assessment techniques, products, and services are now available to find security "weak spots" in the supply chain of your business. 

Threats by supply chain vendors 

BlueVoyant, a cybersecurity provider, reported in 2021 that 98% of organizations surveyed had been impacted by a supply chain security breach. In a global survey of 1,000 chief information officers conducted in 2022, 82% of respondents said their organizations were vulnerable to cyberattacks targeting their supply chains. 

There are multiple reasons for these statistics and concerns. The following stand out:

  • The enormous size of corporate supply chains can include up to 100,000 suppliers for a single business 
  • Different cybersecurity standards are required in different countries 
  • Supplier unpreparedness, lack of knowledge, and lack of resources for sound cybersecurity practices 
  • Lack of understanding of supplier security in areas like purchasing, which frequently issue requests for proposals from suppliers without mentioning the security requirements for conducting business with the company. 

Best practices for supply chain security 

While cybersecurity frameworks provide an excellent overview of general supply chain security requirements, they do not provide a detailed plan for implementation. 

What organizations require is a guide for a multifaceted approach to supply chain security — but no single playbook can meet the needs of every organization. Instead, as organizations develop their own security approaches, leaders should follow supply chain security best practices: 

Become familiar with your data 

It may seem obvious, but it cannot be overstated: you must understand your own data, that is, what type of data your organization stores and how sensitive that data is. Use discovery and classification tools to find databases and files in your organization that contain sensitive data, such as customer data, financial information, health records, etc. 

Conduct a risk assessment of supply chain security 

Simply comprehending your data is insufficient. You must also understand your supply chain thoroughly in order to identify potential security risks and take preventative measures. 

Begin by gathering data on your third-party partners. What security safeguards do they have in place? Consider each partner's level of vulnerability, breadth and depth of data access, and the impact on your organization if their security is compromised. 

Next, evaluate the software and hardware products that your company employs. What are their weaknesses? Also, don't overlook compliance. Examine your organization's current security governance and consider where it may need to pivot. 

Create an incident response plan 

Attacks will occur, and your system will be compromised, no matter how thoroughly you prepare your organization's supply chain security. As a result, supply chain security best practices include more than just prevention — they also include preparation. 

An incident response plan should be a key component of your supply chain security app. This plan should outline everyone's responsibilities as well as all procedures to be followed in the event of a security incident. Make specific plans for data breaches, system shutdowns, and other security interruptions. And don't just write these procedures down. Test them, practice them, and make sure they're ready to go. 

Conclusion 

Because the supply chain is so fragile, maintaining solid supply chain security is a dangerous game. While eliminating all threats is impossible, adhering to best practices in supply chain security will position your organization to anticipate and mitigate their effects.
Read more »
Technology News
Cyber Security GitLab Software Supply Chain supply chain security Technology News

GitLab: Security and Governance Solutions Enhanced to Secure Software Supply Chain

 

GitLab has confirmed new security and compliance features and a number of enhancements in its platform to aid organizations to secure their software supply chain. 

A Global DevSecOps Survey by GitLab in 2022 found that security was amongst the highest priority investment areas for an organization, with 57% of security experts’ surveys indicating that their organizations have already shifted security left or plan to this year. 

GitLab has increased its focus on governance to help teams identify risks by offering visibility into their projects' dependencies, security findings, and user activities with increasing regulatory and compliance needs for the organization. 

The new enhancements on the other hand provide developers with tools that could scan any vulnerability and deploy controls in order to secure applications. Additionally, the developers have access to secure coding guidance involved in the GitLab platform. 

The new capabilities include security policy management, compliance management, events auditing, and vulnerability management. A dependency management capability to help developers track vulnerabilities in dependencies they are using will be available at a later date. Organizations will be able to automatically scan for vulnerabilities in source code, containers, dependencies, and applications in production, says Gitlab. 

These capabilities, along with a broad range of security testing capabilities such as static application security testing (SAST), secret detection, dynamic application security testing (DAST), API security, fuzz testing, dependency scanning, license compliance, and container scanning, aids the organization to acquire security and compliance of their software supply chain constantly, without giving in on speed and agility. 

In regards to the recent enhancement in the security and compliance features, VP of Product at GitLab David DeSanto says, “To stay competitive and propel digital transformation, organizations need to be great at developing, operating, and securing software. Security needs to be embedded in all stages of the software development lifecycle, not treated as an afterthought.” 

“Our enhanced security and governance capabilities make GitLab a comprehensive DevSecOps solution to help secure an organization’s software supply chain”, he continued.
Read more »
Trojan
Canada Comm100 Data Theft malware Supply Chain Attack supply chain attacks supply chain security Trojan

Trojanized Comm100 Live Chat App Installer Distributed a JavaScript Backdoor

Cybersecurity platform CrowdStrike reported a supply chain attack that involved the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. The application suffered an attack from 27 September to 29, 2022. 

Additionally, the malicious group actively attacked other sectors of the organizations with the same installer including the industrial, technology, healthcare, manufacturing, telecommunications sectors, and insurance in North America and Europe. 

Canadian application Comm100 facilitates over 200,000 businesses with its customer service and communication products. With more than 15,000 clients, the Comm100 company offers chat and customer engagement applications to businesses in 51 countries. However, the company did not report anything on how many customers got affected by the attack. 

According to the Cybersecurity firm CrowdStrike, the malware was proliferated using a Comm100 installer that was downloadable from the company’s website. On September 26, the installer was signed with legitimate information on the Comm100 desktop agent app. 

“CrowdStrike Intelligence can confirm that the Microsoft Windows 7+ desktop agent hosted at hxxps[:]//dash11.comm100[.]io/livechat/electron/10000/Comm100LiveChat-Setup-win[.]exe that was available until the morning of September 29 was a trojanized installer.”, Crowdstrike confirmed. 

Also, a malicious loader DLL called MidlrtMd[.]dll has been used as part of the post-exploitation action. It starts an in-memory shellcode to inject an embedded payload into a new Notepad process (notepad[.]exe). The CrowdStrike believed that the China nexus threat actor is behind the attack because the group previously targeted several Asian online gambling organizations. 

“Furthermore, CrowdStrike Intelligence assesses with moderate confidence that this actor likely has a China nexus. This assessment is based on the presence of Chinese-language comments in the malware, the aforementioned tactics, techniques, and procedures (TTPs), and the connection to the targeting of online gambling entities in East and Southeast Asia — a previously established area of focus for China-nexus targeted intrusion actors”, CrowdStrike Intelligence customers reported.
Read more »
Technology
GitHub Golang Programming Language Security Updates supply chain security Technology

GitHub Brings Suite of Supply Chain Security Features to Go

 

GitHub has released a number of supply chain security updates for Go programming language modules.

In a blog post published on July 22, GitHub staff product manager William Bartholomew stated that Go — also known as Golang is now firmly ingrained in the top 15 programming languages on the platform and that as the most famous host for Go modules, GitHub intends to assist the community in discovering, reporting, and preventing security vulnerabilities. 

Go modules were launched in 2019 to help with dependency management. As per the Go Developer Survey 2020, Go is now utilized in the workplace in some form by 76 percent of respondents. 

Furthermore, Go modules are becoming more popular, with 96 percent of those polled indicating they use them for package management, up 7% from 2019, and 87 percent saying they use exclusively Go modules for this reason. 

According to the results of the survey, the usage of other package management solutions is declining. As per GitHub, four major aspects of supply chain security enhancement are now available for Go modules. 

The first is GitHub's Advisory Database, an open-source repository of vulnerability information that presently has over 150 Go advisories at the time of publication. Developers can also use the database to get CVE IDs for newly identified security flaws. 

"This number is growing every day as we curate existing vulnerabilities and triage newly discovered ones," Bartholomew added. 

GitHub has also released its dependency graph, which can be used to track and evaluate project dependencies using go.mod, as well as warn users when risky dependencies are discovered. In this version, GitHub has also introduced Dependabot, which will notify developers when new security flaws in Go modules are identified.

To fix vulnerable Go modules, automatic pull requests can be enabled, and notification settings have been enhanced for fine-tuning. According to Bartholomew, repositories are enabled to automatically create pull requests for security updates, dependencies patch up to 40% faster than those that do not.
Read more »
Technology
Cyber Security cyber threat supply chain attacks supply chain security Technology

What is a Supply Chain Attack? Here's How is it Making Your Software Vulnerable

 

Users receive warnings from public and private organizations asking them to be aware of fraud links and sources, to not share their credentials with anybody, and save their sensitive data from dark websites, etc. commonly. However, the sophisticated hacking market is generating a sense of fear in minds of the public with questions like what if the legal software and hardware that makes up your network has been already compromised at the source? Which leads us to our main question: What is a supply chain attack? 

A very common form of cyber-hacking is known as a "supply chain attack”, it is also called a value-chain or third-party attack. This umbrella term ‘supply chain attack’ includes those cyber attacks that target software developers and suppliers so that several clients and customers of the fine products and services can be affected directly. 

By leveraging a single developer or supplier, threat actors or spies can steal its distribution systems and install the application that they want to send to the victims. 

By compromising a single chain, the hackers can well-place intrusion and can successfully can create a springboard to the networks of a supplier's consumers in which thousands of people can be victimized. 

Supply chain attacks have always been understood as daunting tasks. The reason behind this is their consequences can be very severe, a single attack can leave the whole organization with severe vulnerabilities and can break the trust between an organization and the customers. 

"Supply chain attacks are scary because they're really hard to deal with, and because they make it clear you're trusting a whole ecology," says Nick Weaver, a security researcher at UC Berkeley's International Computer Science Institute. "You're trusting every vendor whose code is on your machine, and you're trusting every vendor's vendor." 

In December 2020, the worst face of the supply chain attack had already been witnessed, when it was discovered that the Russian malicious actors later identified as Russian foreign intelligence service (SVR) compromised the software firm SolarWinds and installed malicious code in its IT management tool Orion. With this, hackers attacked at least nine US federal agencies. 

The spy operation ‘SolarWinds’ wasn't unique, there is a list of events that already hit the world’s big companies including a Chinese hacking group known as Barium carrying out at least six supply chain attacks over the past five years. 

In 2017, the Russian threat actors ‘Sandworm’, hijacked the software updates of the Ukrainian accounting software MEDoc, which ultimately inflicted $10 billion in damage worldwide. This attack is the costliest cyberattack in history.

With the available statistics and data, we can conclude that supply chain attacks are a huge problem that's not going away anytime soon. 
Read more »
US Spy Agencies
Cyber Security Russia SolarWinds supply chain security US Spy Agencies

SolarWinds Hack Alarms US Spy Agencies to Inspect Software Suppliers' Ties with Russia

 

US intelligence agencies have started to study supply chain threats from Russia, a top official within the Justice Department confirmed on Thursday 6th of May, in the wake of the far-reaching hacker operations that used software developed by SolarWinds as well as other suppliers. 

SolarWinds Inc. is an American multinational that creates software to help companies manage their IT infrastructure, systems, and networks. It is based in Austin, Texas, and has distribution and product development branches at several US locations and other countries.

According to John Demers, Assistant Attorney General for National Security, the examination will concentrate on any supply chain vulnerabilities arising from Russian businesses—or US businesses operating in Russia. 

“If there’s a back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” Demers stated during a Justice Department-hosted cybersecurity conference. 

Demers stated that any information gathered from the Commerce Department would be passed on to the FBI and the other intelligence officials to determine whether more actions are required to remove suppliers from the U.S. supply chains or not. 

The White House accused the Russian SRV foreign intelligence agency of the spying operation which used the software of SolarWinds and penetrated at least nine U.S. federal agencies. Russian technology firms have also been endorsed by the management of Biden to finance the cyber operations of Russian intelligence agencies. Though the allegations were rejected by Moscow. 

However, the United States intelligence analysis reveals that the Biden administration is also looking into how potential spying operations will mimic whatever the SVR is supposed to use weak points in US tech companies' networks. 

An extensive range of US government and businesses were exposed to infiltration by allegedly Russian hacking. Initially, SolarWinds, stated that the malicious code had been downloaded by 18,000 customers. However, the original target list of spies was made up of 100 corporations and, as per the White House, at least nine federal agencies. 

Concerns of American officials regarding exposures to the supply chain have indeed increased in recent weeks as certain hacks arose. 

Whereas a 2019 executive order signed by then-President Donald Trump appears to approve the supply chain inspection, that forbids US telecommunications companies from using hardware that constitutes a national security risk. 

Although the executive order was widely seen as an effort to further limit the Chinese telecommunications company Huawei's access to US markets, it can also be applied to various other technologies from other countries. U.S. intelligence officers are tasked with constantly reviewing international supply chain threats and providing for additional "rules and regulations" to recognize innovations or nations that may pose a danger. 

In the supply chain screening, the US intelligence officials have long expressed fears that Moscow could use the Russian suppliers' technology to spy on America.
Read more »
Subscribe to: Posts (Atom)