LastPass warns of fake support centers trying to steal customer data

LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.

LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords.

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

“Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report shared with The Hacker News.

14 Million Patients Impacted by US Healthcare Data Breaches in 2024

Over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations so far in 2024, according to a new analysis by SonicWall.

Most (91%) of these breaches have leveraged ransomware, with the report highlighting that attackers see the threat of exposing sensitive information held by healthcare organizations as an effective method for extorting ransom payments.

Managing supply chain resilience assessment model-relevant factors and activities using an FCM-FBWM approach

Supply chain resilience is essential for companies to survive in today’s competitive market, as they face environmental and unforeseeable challenges in their supply chain. This paper aims to model and manage the factors and activities that influence supply chain resilience and how they relate to each other. This will help us devise plans for enhancing the resilience of a supply chain. 

Same destination, different roadmaps: the journey to zero trust architecture

While all federal agencies are striving to reach the same place, no two agencies are taking the same path to get there. Hear from cyber leaders at the Cybersecurity and Infrastructure Security Agency, the Interior Department, the Secret Service and Verizon:

  • Louis Eichenbaum, zero trust program manager at Interior
  • Sean Connelly, former director of CISA’s Zero Trust Initiative
  • Roy Luongo, CISO for the Secret Service
  • Wes Withrow, senior client executive for cybersecurity at Verizon

Car rental giant Avis data breach impacts over 299,000 customers

American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information.

According to data breach notification letters sent to impacted customers on Wednesday and filed with California’s Office of the Attorney General, the company took action to stop the unauthorized access, launched an investigation with the help of external cybersecurity experts, and reported the incident to relevant authorities after learning of the breach on August 5.

Dragos reports resurgence of ransomware attacks on industrial sectors, raising likelihood of targeting OT networks

Industrial cybersecurity firm Dragos disclosed that ransomware attacks significantly rose in the second quarter, as hacker groups recalibrated adversarial strategies. These groups demonstrated significant adaptability by rebranding and adopting new tactics, suggesting they will continue refining their operations using sophisticated methods like zero-day vulnerabilities to enhance their attacks. Data also revealed that the quarter saw a significant rise in the frequency and severity of attacks, reflecting the evolving threat landscape and the persistent risk posed by ransomware groups.

President Biden Formalizes White House Council on Supply Chain Resilience

On June 14, 2024, President Biden issued an Executive Order on White House Council on Supply Chain Resilience (the “Order”). The Order, with a goal of strengthening US supply chain resilience and building “resilient, diverse, and secure supply chains,” encourages “close cooperation” with allies and partners to “foster collective economic and national security, encourage innovation, and strengthen the capacity to respond to and recover from international disasters and emergencies.”

DDoS Attack Triggers New Microsoft Global Outage

A global outage of Microsoft services was started by a Distributed Denial-of-Service (DDoS) attack, the tech giant has revealed.

An error in Microsoft’s DDoS protection measures then amplified the impact of the attack rather than mitigating it, the firm admitted.

During this time, customers reported issues with a range of Microsoft platforms, including Outlook, Azure and the video game Minecraft. Microsoft cloud systems Intune and Entra were also impacted.
