Supply chain attack that hit 3CX caught at least 4 other victims, Symantec says

The software supply chain attack against X_Trader has claimed at least four additional victim organizations, the Symantec Threat Hunter Team said Friday. The compromised software, originally developed by Trading Technology, caused another supply chain attack at 3CX. The newly identified victims include two critical infrastructure organizations in the energy sector and two organizations involved in financial trading. 

Read Full Article

SBOM 101: How to Control Software Supply Chain Risks Like a Pro

Software now powers everything from smartphones and cars to medical devices and critical infrastructure. However, with the rise of cyber threats and recent government orders, it is crucial to clearly understand what components are in the system, where they came from, who has had access to them, whether they are subject to licenses, and whether they harbor known vulnerabilities. This is where Software Bill of Materials (SBOM) comes in.

Register now

CISA Releases updated Zero Trust Maturity Model

Today, the Cybersecurity and Infrastructure Security Agency (CISA) published Zero Trust Maturity Model version 2, incorporating recommendations from a public comment period, and furthering the federal government’s continued progress toward a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.

Read Full Article

Chip equipment exports to China tumble as U.S. pushes decoupling

Exports of semiconductor-manufacturing equipment from the U.S. and Japan to China fell for the first time in three years in 2022 as Washington stepped up its trade restrictions on advanced chip technology. In the October-December quarter, Japanese exports of such equipment to China slid 16% on the year by value, while the U.S. saw a 50% plunge and the Netherlands logged a 44% drop, according to trade and other data. 

Read Full article

US, Canada Plan North American Chip Corridor, Starting With IBM Expansion

The United States and Canada said on Friday they would work together to create a bilateral semiconductor manufacturing corridor, as International Business Machines signaled its intent to expand in Canada. The news came as U.S. President Joe Biden, who is visiting Canada, issued a joint pledge with Canadian Prime Minister Justin Trudeau to stand together against authoritarian regimes in part by reducing their dependence on other countries for critical minerals and semiconductors.

Read Full Article

When working in cybersecurity, there’s still risk ‘everywhere in the software supply chain’

The National Counterintelligence and Security Center (NCSC) leads counterintelligence for the national government. Among its myriad missions is securing the software supply chain.

“My directorate is certainly concerned with the supply chain of all critical infrastructure, certainly the supply chain that the IC has to source from as well,” Jeanette McMillian, assistant director of NCSC’s Supply Chain and Cyber Directorate said on Federal Monthly Insights – Securing the Supply Chain.

Read Full Article

Japan, Canada in Talks Over Collaboration in Battery Metals Supply Chain

Japan and Canada are discussing collaboration on building strong supply chains for battery metals, Japan’s industry minister, Yasutoshi Nishimura, said on Tuesday. A public-private mission led by Japan’s Ministry of Economy, Trade and Industry (METI) and including 16 companies that work with batteries visited Canada last week for talks on building sustainable and resilient supply chains, he said.

Read Full Article

Developing Supply Chain Capabilities Through Digitalization and Viability for Controlling the Ripple Effect

The COVID-19 pandemic affected all industries and presented manufacturing firms with enormous challenges, with considerable changes in consumer demand for goods and services. Supply chain management disruption caused by the COVID-19 outbreak resulted in several socio-economic roadblocks. The slow propagation of disruption risk results in a ripple effect along the entire chain. The lack of resilience and risk management capability is the prime cause, attributed to the unavailability of digital resources, skills, and knowledge. 

Read Full Publication