WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), along with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK) are publishing a Joint Cybersecurity Advisory today that shares technical details regarding malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor.
China Bans U.S. Chip Giant Micron, Citing “Serious Cybersecurity Problems”
China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country’s cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks. “The purpose of this network security review of Micron’s products is to prevent product network security problems from endangering the security of national critical information infrastructure, which is a necessary measure to maintain national security,” the Cyberspace Administration of China (CAC) said.
Food distribution giant Sysco warns of data breach after cyberattack
Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. In an internal memo sent to employees on May 3rd and seen by BleepingComputer, the company revealed that customer and supplier data in the U.S. and Canada, as well as personal information belonging to U.S. employees, may have been impacted in the incident.
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on May 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-23-129-02 Hitachi Energy MSM
- ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series (Update F)
Supply Chain to Dominate House Panel Hearing May 10
Again and again, Washington’s transportation intelligentsia reminds the country of the supply chain’s vital role. Transporting freight, from ports to the consumer, entails serious planning complemented by precision and intention. Logistics firms as well as many commercial transportation stakeholders continue their round-the-clock operations to, simply put, keep everything moving.
A Battery Breakthrough That Could Solve A Major Problem For The West
Chemical engineering professor Dr. Jodie Lutkenhaus and chemistry assistant professor Dr. Daniel Tabor have published their findings about lithium-free batteries in Nature Materials. Water-based, or aqueous, batteries are different from lithium-ion batteries that contain cobalt. The group’s goal of researching metal-free batteries stems from having better control over the domestic supply chain, since cobalt and lithium are only outsourced internationally. This safer chemistry would also prevent battery fires.
Bottom in sight as chip market falls 21% in March
The Semiconductor Industry Association (SIA) today announced worldwide sales of semiconductors totaled $119.5 billion during 1Q23, a decrease of 8.7 percent compared to 4Q22 and 21.3 percent less than 1Q22. However, the three-month moving average (3MMA) of sales for the month of March 2023 increased 0.3 percent compared to February 2023. This is the first uptick in the sequential 3MMA since May 2022. Also, the annual decline, while exceptionally deep, was only slightly worse than the 20.7 percent decline reported in February.
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Supply chain attack that hit 3CX caught at least 4 other victims, Symantec says
The software supply chain attack against X_Trader has claimed at least four additional victim organizations, the Symantec Threat Hunter Team said Friday. The compromised software, originally developed by Trading Technologies, caused another supply chain attack at 3CX. The newly identified victims include two critical infrastructure organizations in the energy sector and two organizations involved in financial trading.
SBOM 101: How to Control Software Supply Chain Risks Like a Pro
Software now powers everything from smartphones and cars to medical devices and critical infrastructure. However, with the rise of cyber threats and recent government orders, it is crucial to clearly understand what components are in the system, where they came from, who has had access to them, whether they are subject to licenses, and whether they harbor known vulnerabilities. This is where a Software Bill of Materials (SBOM) comes in.