Author: Marcus Bailey

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment.

Read Full Article

The U.S. Department of Defense (DOD) says it is on track to meet its goal of forming a domestic supply chain for vital materials needed in both commercial products and military systems.

Pentagon officials said in early March that it had awarded about $440 million to establish supply networks for rare earth elements within the U.S. since 2020 and that it is on pace to build a supply that can sustain all agency requirements — from “mine to magnet” — by 2027.

Read Full Article

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million.

Read Full Article

Iranian hacktivists executed a supply chain attack on Israeli universities by initially breaching systems of a local technology provider to the academic sector.

The self-styled Lord Nemesis group boasted online that it used credentials snatched from Rashim Software to break into the systems of the vendor’s clients, universities, and colleges in Israel. The hack-and-leak operation began on or around November 2023, according to Op Innovate, an incident response firm that assisted one of the victim universities.

Read Full Article

Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. The researchers reported their findings to Tesla saying that linking a car to a new phone lacks proper authentication security. However, the car maker determined the report to be out of scope.

Read Full Article

Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.

“It’s possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted through the conversion service,” HiddenLayer said in a report published last week.

Read Full Article

President Joe Biden’s administration plans to launch a $5 billion semiconductor research consortium to bolster chip design and hardware innovation in the US and counter China’s efforts to capture the cutting edge of the industry.

Read Full Article

President Biden’s Executive Order from the White House on supply chain resiliency signifies an important turning point for U.S. businesses, regarding supply chain management.

The plan, revealed at the inaugural meeting of the Council On Supply Chain Resilience on November 29, 2023, encompasses more than 30 targeted actions. The briefing room statement shared the goal is to “help Americans get the products they need when they need them, enable reliable deliveries for businesses, strengthen our agriculture and food systems and support good-paying, union jobs here at home.”

Read Full Article