Tag Archive for: supply

China’s plans for a national cybersecurity barrier. A US Federal role in the open-source software supply chain? A look at proposed reporting deadlines.


CISA: Federal Agencies Taking Steps to Address Log4j Flaw (Decipher) CISA said that federal agencies have mitigated the Log4j flaw on thousands of internet-connected assets under its Emergency Directive addressing the vulnerability.

CISA Still Helping Federal Agencies Remediate Log4j Vulnerability (MeriTalk) The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to help Federal agencies remediate the Log4j vulnerability that CISA first warned about in December.

Lesson from Log4j: Open-source software improvements need help from feds (POLITICO) The tech industry is readying solutions to the security risks posed by the collaborative software that underpins modern-day computing — but aid from Washington could be essential to the project’s success.

The Case for Cyber-Realism (Foreign Affairs) Geopolitical problems don’t have technical solutions.

Russian troops intervene in protest-roiled Kazakhstan, where security forces have killed dozens of demonstrators (Washington Post) Russian troops landed in Kazakhstan on Thursday after the Central Asian country’s president asked for help to quell sweeping anti-government protests — a major test of a Moscow-led military alliance as the Kremlin deepened its role in the crisis.

Kazakh president gives shoot-to-kill order to put down uprising (Reuters) Kazakhstan’s president said on Friday he had ordered his forces to shoot-to-kill to deal with disturbances from those he called bandits and terrorists, a day after Russia sent troops to put down a countrywide uprising.

Kazakhstan unrest: From Russia to US, the world reacts (Al Jazeera) Bloody protests have drawn the attention of regional powers Russia and China, as well as Western capitals.

West must stand up to Russia in Kazakhstan, opposition leader says (Reuters) The West must pull Kazakhstan out of Moscow’s orbit or Russian President Vladimir Putin will draw the Central Asian state into “a structure like the Soviet Union”, a former minister who is now a Kazakh opposition leader told Reuters.

How Kazakhstan could shift Putin’s calculus on Ukraine (Atlantic Council) The unrest poses a question for Putin: Should he continue…


Supply chain and nation-state attacks will highlight 2022, says vendor


Supply chain attacks and nation-state cyber warfare will continue to cause anguish for CISOs in 2022, says Check Point Software in its annual predictions blog.

Supply chain attacks will become more common, the security company said, which will lead to governments beginning to establish regulations to address these attacks and protect networks. They will also look into collaborating with the private sector as well as with other countries to identify and target more threat groups operating on a global and regional scale.

Check Point also expects to discover more about the global impact of the Sunburst attack on the SolarWinds Orion network monitoring suite. “As investigations are still ongoing, security researchers will unveil some of the biggest questions regarding the attack: What were the attackers doing in these networks, and how did they benefit from the massive attack?”

“Supply chain attackers take advantage of a lack of monitoring within an organization’s environment,” the blog warns. “The well-known SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred, such as Codecov in April, and most recently, Kaseya. Kaseya provides software for Managed Service Providers (MSPs) and the REvil ransomware gang exploited the company to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.”

Among other predictions:

The cyber ‘cold war’ intensifies: The cyber cold war is intensifying and playing out online as more nation-state actors pressure western governments and continue to destabilize society. Improved infrastructure and technological capabilities will enable terrorist groups and political activists to further their agendas and carry out more sophisticated, widespread attacks. Cyber-attacks will increasingly be used as proxy conflicts to destabilize societies globally;

Attackers leverage vulnerabilities in microservices to launch large scale attacks: The move to the cloud and DevOps will result in a new form of botnet. With microservices becoming the leading method for application development,…


Essence Group successfully meets devices supply demand throughout 2021


Top 10 articles of 2021 reflect a changing security marketplace

Our most popular articles in 2021 provide a good reflection of the state of the industry. Taken together, the Top 10 Articles of 2021, as measured by reader clicks, cover big subjects such as smart cities and cybersecurity. They address new innovations in video surveillance, including systems that are smarter and more connected, and a new generation of computer chips that improve capabilities at the edge.
A recurring theme in 2021 is cybersecurity’s impact on physical security, embodied by a high-profile hack of 150,000 cameras and an incident at a Florida water plant. There is also an ongoing backlash against facial recognition technology, despite promising technology trends.
Cross-agency collaboration
Our top articles also touch on subjects that have received less exposure, including use of artificial intelligence (AI) for fraud detection, and the problem of cable theft in South Africa. Here is a review of the Top 10 Articles of 2021, based on reader clicks, including links to the original content:
Safety in Smart Cities: How Video Surveillance Keeps Security Front and Center
The main foundations that underpin smart cities are 5G, Artificial Intelligence (AI), the Internet of Things (IoT) and the Cloud. Each is equally important, and together, these technologies enable city officials to gather and analyse more detailed insights than ever before. For public safety in particular, having IoT and cloud systems in place will be one of the biggest factors in improving the quality of life for citizens. Smart cities have come a long way in the last few decades, but to truly make a smart city safe, real-time situational awareness and cross-agency collaboration are key areas that must be developed as a priority.
Fraud detection technology
How AI is Revolutionising Fraud Detection
Fraud detection technology has advanced rapidly over the years and made it easier for security…


A Year After the SolarWinds Hack, Supply Chain Threats Still Loom


A year ago today, the security firm FireEye made an announcement that was as surprising as it was alarming. Sophisticated hackers had silently slipped into the company’s network, carefully tailoring their attack to evade the company’s defenses. It was a thread that would unspool into what is now known as the SolarWinds hack, a Russian espionage campaign that resulted in the compromise of countless victims.

To say the SolarWinds attack was a wake-up call would be an understatement. It laid bare how extensive the fallout can be from so-called supply chain attacks, when attackers compromise widely used software at the source, in turn giving them the ability to infect anyone who uses it. In this case, it meant that Russian intelligence had potential access to as many as 18,000 SolarWinds customers. They ultimately broke into fewer than 100 choice networks—including those of Fortune 500 companies like Microsoft and the US Justice Department, State Department, and NASA.

Supply chain attacks aren’t new. But the magnitude of the SolarWinds crisis significantly raised awareness, sparking a year of frantic investment in security improvements across the tech industry and US government.

“If I don’t get a call on December 12, I’ll consider that a success,” says SolarWinds president and CEO Sudhakar Ramakrishna. On that date a year ago, SolarWinds itself learned that Orion, its IT management tool, was the source of the FireEye intrusion—and what would ultimately become dozens more. Ramakrishna did not yet work at SolarWinds, but he was slated to join on January 4, 2021. 

While this week marks the one-year anniversary of cascading discoveries around the SolarWinds hack, the incident actually dates back as early as March 2020. Russia’s APT 29 hackers—also known as Cozy Bear, UNC2452, and Nobelium—spent months laying the groundwork. But that very dissonance illustrates the nature of software supply chain threats. The hardest part of the job is upfront. If the staging phase is successful, they can flip a switch and simultaneously gain access to many victim networks at once, all with trusted software that seems legitimate.
