Tag Archive for: supply

US Department of Labor finds Salt Lake City restaurant supply company illegally employed 22 minor-aged workers beyond hours allowed

/in


SALT LAKE CITY – A federal investigation has found a Salt Lake City restaurant supply company allowed 22 employees – ages 14 and 15 – to work as many as 46 hours per workweek, and to begin work after midnight – both illegal practices under child labor laws. 

Investigators with the U.S. Department of Labor’s Wage and Hour Division found Specialty Consulting Services LLC – operating as Standard Restaurant Supply – violated child labor work hours standards of the Fair Labor Standards Act. The employer also failed to keep accurate time records including the date of birth for one minor-aged employee, in violation of the FLSA’s recordkeeping  provision.

The division assessed $16,595 in penalties to resolve the child labor violations.

The investigation follows a March 2022 announcement by the division’s Southwest Region reminding Salt Lake City-area employers of the importance of complying with federal child labor laws, and its stepped up enforcement efforts. 

Minors as young as 14- and 15-years-old not only worked beyond permitted hours, but more than half of them were employed in violation of the Fair Labor Standards Act by being allowed to work long shifts often exceeding eight hours,” explained Wage and Hour Division District Director Kevin Hunt in Salt Lake City. “Our investigators continue to see an increase in child labor violations in several industries. We will take vigorous action whenever we discover young workers’ safety and well-being are being jeopardized by employers who fail to follow the law.”

Federal labor law prohibits the employment of workers under the age of 14 in non-agricultural settings. 14- and 15-year-olds must work outside of the hours of school and cannot work:

  • More than 3 hours on a school day, including Friday.
  • More than 18 hours per week when school is in session.
  • More than 8 hours per day when school is not in session.
  • More than 40 hours per week when school is not in session.
  • Before 7 a.m. or after 7 p.m. on any day, except from June 1 through Labor Day, when nighttime work hours are extended to 9 p.m.

“We urge employers in the region to gain a full understanding of child labor regulations and ensure…

Source…

Supply chain disruption driving 3D printing tech

/in


The need to shorten supply chains in the face of ongoing global uncertainty and disruption is a pressing issue for many organisations, especially for multinational manufacturing companies that have come to rely on cheap labour in South East Asia.

China, in particular, continues to be hobbled by an economic downturn, power shortages and ongoing lockdowns resulting from its zero-tolerance approach to COVID-19. China’s days as the world’s manufacturing engine room seem to be numbered, as businesses seek to relocate manufacturing to other nations in Asia, such as Vietnam, or nearshore or reshore it closer to home.

There are, however, other means of shortening supply chains – one of which is 3D printing, also known as additive manufacturing (AM). 

AM technology started out as a way to produce prototypes with no machine tooling, but, over the past decade, it has evolved rapidly. An early drawback was that the process worked only with plastics; now, though, substances that can be printed include powders, resins, metals, carbon and even human flesh. 

In a report exploring the status of 3D printing – called The Mainstreaming of Additive Manufacturing, co-author Jörg Bromberger, Director of Strategy & Operations – points out that AM technology can generate any 3D component that will perform better and cost less than conventional manufacturing methods. 

3D printing allows for mass-scale customisation

He also highlights there’s no need for moulds or fixed tooling, and that it also allows for mass-scale customisation. Such simplicity of fabrication, he continues, reduces time-to-market and the need for spare-parts inventories, enabling the on-demand production of items from digital files in the field. Bromberger cites the example of carmaker Mercedes-Benz, which uses AM to produce spare parts for its classic vehicles.

The tech has the huge potential to help businesses reimagine manufacturing-based supply chains, and Bromberger feels that the technology is approaching the point where it is becoming disruptive: “When can a technology that has long been touted as a disruptive game changer for supply chains be said to have truly come of age?” 

His answer? When it’s a…

Source…

10 software supply chain attacks you can learn from

/in


software-supply-chain-attacks-2022

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks. 

Since the devastating compromise of the SolarWinds Orion platform in 2020, malicious actors have steadily stepped up their software supply chain attacks. One 2022 survey found that supply chain attacks are affecting 62% of organizations.

And many organizations say they are not prepared to deal with the challenges of protecting their software supply chain. A recent survey of 1,000 CIOs found that 82% of organizations are vulnerable to software supply chain attacks. 

The State of Software Supply Chain Security 2022-23 explores top trends, best practices and more. One thing is clear: Supply chain attacks are surging — and no one is immune. That has made them the center of conversations about cyber risk and cybersecurity with CISOs and boards. 

Here are 10 software supply chain attacks from 2022 that your team can learn from.

npm

A typosquatting campaign aimed at a popular JavaScript node packager used by some 11 million developers worldwide was discovered in July by researchers at ReversingLabs. The campaign, known as IconBurst, used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise hundreds of downstream desktop apps and websites ReversingLabs’ Karlo Zanki wrote in his threat research blog post.

“Upon closer inspection, we discovered evidence of a coordinated supply chain attack, with a large number of npm packages containing jQuery scripts designed to steal form data from deployed applications that include them.”
Karlo Zanki

Zanki explained that the pernicious actor gave the malicious modules names similar to high-traffic modules or names containing common misspellings of those modules, hoping careless developers would use the doctored versions of modules like umbrellajs and packages produced by Iconic.io. Since the users of the software and not the developers were the ultimate target of the scheme, the attack is similar to the infamous SolarWinds compromise, he added.

Comparitech estimates that 35,754 customers were affected by the attack.

Python Package Index (PyPI)

The…

Source…

Computer Security Approaches to Reduce Cyber Risks in the Nuclear Supply Chain

/in


Description

Computer security in the nuclear supply chain is an important element of risk management. Nuclear facilities and operations rely upon complex networks of suppliers, vendors, and integrators to provide digital technology, services, and support. This provides a supply chain attack surface that may be exploited to compromise nuclear facilities, operations, and secure environments. Compromise of the supply chain may provide a means to circumvent computer security measures that are in place to protect these critical systems, therefore a defence-in-depth approach that involves people, processes, and technology is needed.
The purpose of this publication is to assist Member States in raising awareness of cyber risks in the nuclear supply chain and help to identify critical issues and mitigation techniques. The aim is to reduce the supply chain attack surface by providing information, good practices, and mitigation techniques through all phases of the supply chain including design, hardware and software development, testing, transportation, installation, operation, maintenance and decommissioning of nuclear computer-based systems.

More Information on reusing IAEA copyright material.

Related publications

2022

2021

2021

2016

2016

Source…