AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million.
Israeli Universities Hit by Supply Chain Cyberattack Campaign
Iranian hacktivists executed a supply chain attack on Israeli universities by initially breaching systems of a local technology provider to the academic sector.
The self-styled Lord Nemesis group boasted online that it used credentials snatched from Rashim Software to break into the systems of the vendor’s clients, universities, and colleges in Israel. The hack-and-leak operation began on or around November 2023, according to Op Innovate, an incident response firm that assisted one of the victim universities.
MiTM phishing attack can let attackers unlock and steal a Tesla
Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. The researchers reported their findings to Tesla saying that linking a car to a new phone lacks proper authentication security. However, the car maker determined the report to be out of scope.
25th Annual CERIAS Security Symposium
April 2-3 at Purdue University.
Join cybersecurity leaders, practitioners, researchers, educators, at the nation’s premier cybersecurity conference that brings government, commercial industry and academia together to examine the state of Cybersecurity and forecast the threats ahead.
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.
“It’s possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted through the conversion service,” HiddenLayer said in a report published last week.
US to Launch $5 Billion Research Hub in China Chips Race
President Joe Biden’s administration plans to launch a $5 billion semiconductor research consortium to bolster chip design and hardware innovation in the US and counter China’s efforts to capture the cutting edge of the industry.
President Biden’s Supply Chain Resilience Executive Order Signals Work For U.S. Businesses
President Biden’s Executive Order from the White House on supply chain resiliency signifies an important turning point for U.S. businesses, regarding supply chain management.
The plan, revealed at the inaugural meeting of the Council On Supply Chain Resilience on November 29, 2023, encompasses more than 30 targeted actions. The briefing room statement shared the goal is to “help Americans get the products they need when they need them, enable reliable deliveries for businesses, strengthen our agriculture and food systems and support good-paying, union jobs here at home.”
A Maturity Model for supply chain risk management
Purpose
Supply chains are among the most important, complex and risky systems in the modern world. Thus, managing risk is no longer an option, but a fundamental process in organizations. Given the lack of pathways that guide companies toward supply chain risk management (SCRM), the purpose of this study is to provide a conceptual reference, in the form of a maturity model, to support them in the evolution and improvement of this process.
Design/methodology/approach
The proposal covered a broad literature review, a survey and a multiple case study. The research was conducted in the aerospace industry and included companies from the supply chain of a leading aircraft manufacturer.
Findings
The model elaborated with the research results has eight attributes and four levels, addressing critical issues for SCRM to achieve its scope and purposes. The attributes include the structuring and scope of the SCRM process, the importance it receives within the organization, the resources used and the qualification of employees, the role of leadership and the inter-organizational collaboration.
Practical implications
Managing risk along supply chains is particularly challenging, demands resources and knowledge and requires a continuous effort. The proposed model offers a reference for improvement, helping to identify areas that need to be strengthened and practices to be implemented. Thus, it can guide the focus and efforts in a more efficient and systematic way, in addition to support evaluations and comparisons.
Originality/value
Although maturity models are abundant in different fields and several are available for risk management, models specifically developed for SCRM are scarce. This study broadens the understanding of SCRM with novel insights about how to improve this process in an evolutionary way. While many researchers focused their efforts on the SCRM process steps, this study identified critical issues that transcend these steps. The research was carried out in a sector with a long tradition in risk management and included companies belonging to a same supply chain, that is, using an approach still little explored in studies on SCRM or risk management maturity models.
Critical Infrastructure Protection and Resilience North America (CIPRNA) Conference
Tuesday, March 12, 2024 – Thursday, March 14, 2024
Location type: In-person
Location: Lake Charles LA
Event type: Conference
CISA is exhibiting and speaking at the Critical Infrastructure Protection and Resilience North America (CIPRNA) Conference on March 12-14, 2024, in Lake Charles, LA. This three-day event will feature speakers from CISA and bring together leading stakeholders from industry, operators, agencies and governments to collaborate on the issues and the threats securing North America.
Johnson Controls says ransomware attack cost $27 million, data stolen
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.
Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment.