In early August, the research team at ReversingLabs came across a malicious supply chain campaign, called VMConnect, that included 24 harmful Python packages. The team has associated the campaign with three very common open-source Python tools.
Identity Governance; A Critical Enabler of Zero Trust
October 5, 2023, 1:30-2:30 PM ET
Zoom
Panelists will discuss the current or envisioned use of identity governance methods and tools within their organization and share lessons learned for the identity pillar on their journey towards zero trust.
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.
PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes.
Strengthening Federal Software Infrastructure: Importance of SBOM Compliance Standards
August 24, 2023, 1:30-2:30 PM ET
Webinar
Participate in an insightful panel discussion as we delve into the crucial topic of federal software supply chain modernization and compliance standards for Software Bill of Materials (SBOMs) in line with The President’s Executive Order 14028.
Federal Executive Forum Zero Trust in Government
August 8, 2023
1:00 PM Webinar
During this exclusive webinar, top federal technology executives and industry experts will discuss what they’ve learned around zero trust strategy and the future of zero trust in government.
U.S. hunts Chinese malware that could disrupt American military operations
The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.
The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.
Leveraging Public-Private Partnerships for Effective Supply Chain Risk Management
Jul 19, 2023 01:00 PM EST
Supply chain disruptions pose significant challenges to organizations in today’s interconnected business landscape. Join USTelecom and Inside Cybersecurity for a webinar exploring the crucial role of public-private partnerships (PPPs) in mitigating and managing supply chain risks.
IBM Calls for Fed Supply Chain Security Center of Excellence
Tech giant International Business Machines (IBM) has called on the government to establish a shared service center of excellence to develop protections against supply chain disruptions, according to a recent report it released in collaboration with experts from government, business, academia, and the nonprofit sectors.
CISA Releases One Industrial Control Systems Advisory
Release Date: June 27, 2023
CISA released one Industrial Control Systems (ICS) advisory on June 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
DOD Enters $13.8 Million Agreement to Expand Domestic Manufacturing to Strengthen U.S. Supply Chains
The Department of Defense’s Office of the Assistant Secretary of Defense for Industrial Base Policy (OASD(IBP)), through its Manufacturing Capability Expansion and Investment Prioritization (MCEIP) Directorate, announced it has entered a $13.8 million agreement with The Timken Company (Timken) to increase production of high-precision ball bearings at its facility in Keene, New Hampshire.