supply chain – Page 12 – MCYSEKA-Maritime Cyber Security Knowledge Archive

Micro-Star International Signing Key Stolen

Micro-Star International—aka MSI—had its UEFI signing key stolen last month.

This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do. Consequently, MSI doesn’t provide the same kind of key revocation capabilities.

Delivering a signed payload isn’t as easy as all that. “Gaining the kind of control required to compromise a software build system is generally a non-trivial event that requires a great deal of skill and possibly some luck.” But it just got a whole lot easier…

May 15, 2023

0 comment

Some U.S. Solar Makers Criticize Biden’s Tax Credits as Too Lax on China

U.S.-based manufacturers of solar products say rules issued by the Biden administration on Friday will “cement China’s dominance” over the solar industry.

May 13, 2023

0 comment

The Forces Behind South Korea’s and Japan’s Thaw

Eras of grievances between the two countries are giving way under the pressure of global changes, and with help from a personal outreach approach by both leaders.

May 7, 2023

0 comment

PHP Packagist supply chain poisoned by hacker “looking for a job”

I pwned you! Gizza job! You know it makes sense!

May 5, 2023

0 comment

Unpaid open source maintainers struggle with increased security demands

Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the software supply chain are increasingly common, according to Tidelift. Open so…

May 4, 2023

0 comment

Why the Japan and South Korea Détente Is Crucial to Biden’s Asia Ambitions

The animosity between South Korea and Japan has long been a weak link in Washington’s Indo-Pacific strategy. President Biden is likely to urge more steps toward a thaw during meetings this week.

April 25, 2023

0 comment

Can Africa Get Close to Vaccine Independence? Here’s What It Will Take.

Leaders on the continent have vowed that if there is another pandemic, they won’t be shut out of the vaccine market.

April 25, 2023

0 comment

The double-edged sword of open-source software

The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming organizations, according to Lineaje. Diversity and complexity of the open-source…

April 25, 2023

0 comment

Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs

The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector.
The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first …

April 21, 2023

0 comment

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

April 21, 2023

0 comment

1 … 10 11 12 13 14 … 16