Industrial control system (ICS) computers in the Western world have been increasingly attacked, but the percentages are still smaller compared to other parts of the globe, according to Kaspersky’s latest ICS threat landscape report.
VMConnect Supply Chain Attack Persists
In early August, the research team at ReversingLabs came across a malicious supply chain campaign that included 24 harmful Python packages called VMConnect. The team has associated the campaign with three very common open-source Python tools.
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.
PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes.
U.S. hunts Chinese malware that could disrupt American military operations
The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.
The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.
IBM Calls for Fed Supply Chain Security Center of Excellence
Tech giant International Business Machines (IBM) has called on the government to establish a shared service center of excellence to develop protections against supply chain disruptions, according to a recent report it released in collaboration with experts from government, business, academia, and the nonprofit sectors.
CISA Releases One Industrial Control Systems Advisory
Release Date: June 27, 2023
CISA released one Industrial Control Systems (ICS) advisory on June 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
DOD Enters $13.8 Million Agreement to Expand Domestic Manufacturing to Strengthen U.S. Supply Chains
The Department of Defense’s Office of the Assistant Secretary of Defense for Industrial Base Policy (OASD(IBP)), through its Manufacturing Capability Expansion and Investment Prioritization (MCEIP) Directorate, announced it has entered a $13.8 million agreement with The Timken Company (Timken) to increase production of high-precision ball bearings at its facility in Keene, New Hampshire.
Iowa’s largest school district confirms ransomware attack, data theft
Des Moines Public Schools, Iowa’s largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023.
While the school district also received a ransom demand following the attack from an unnamed ransomware group, the ransom has not been paid.
Almost 6,700 individuals whose data was affected in the resulting data breach will be contacted this week with details regarding what personal information was exposed.
Supply Chain Attack Defense Demands Mature Threat Hunting
The best cyber defense for organizations worried about protecting systems against the next software supply chain cyberattack comes down to active monitoring and threat hunting, experts say.
“Multiple software supply chain security failures in recent years have demonstrated that security extends well beyond the traditional ‘four walls’ cyber security model.”
China’s exports tumble in May as global demand falters
China’s exports shrank much faster than expected in May while imports extended declines with a grim outlook for global demand, especially from developed markets, raising doubts about the fragile economic recovery.
The world’s second-largest economy grew faster than expected in the first quarter thanks to robust services consumption and a backlog of orders following years of COVID disruptions, but factory output has slowed as rising interest rates and inflation squeeze demand in the United States and Europe.