About 1,000 vessels have been affected by a ransomware attack against a major software supplier for ships. Oslo-based DNV – one of the world’s largest maritime organizations – said it was hit with ransomware on the evening of January 7 and was forced to shut down the IT servers connected to their ShipManager system.
U.S. manufacturing output tumbles in December
Production at U.S. factories fell more than expected in December and output in the prior month was weaker than previously thought, indicating that manufacturing was rapidly losing momentum as higher borrowing costs hurt demand for goods.
Manufacturing output dropped 1.3% last month, the Federal Reserve said on Wednesday. Data for November was revised lower to show production at factories decreasing 1.1% instead of the previously reported 0.6%. Economists polled by Reuters had forecast factory production would decline 0.3%.
Software Supply Chain Security Needs a Bigger Picture
The intricate labyrinth of open source dependencies across the global software supply chain has created an application security puzzle of mammoth proportions. Whether open source or closed, most of the world’s software today is built on third-party components and libraries. Consequently, one piece of vulnerable code in even the smallest of open source projects can have a domino effect that impacts thousands of other applications, APIs, cloud infrastructure components, and more.
‘Develop Batteries for Electric Vehicles Here’: Zimbabwe Bans Export of Raw Lithium
Zimbabwe earlier this week stopped the export of raw lithium from its mines and said that it wants cash in on the value addition and also stop losing billions to foreign companies via mineral proceeds, news agencies reported.
On December 20, Zimbabwe’s ministry of Mines and Mining Development in a directive published under the nation’s Base Minerals Export Control Act said that the move was made to “ensure that the vision of the president to see the country becoming an upper-middle income economy has been realized.”
Supply chain integrity and security: what are the risks? (Part I)
Part I of this article explores the concept of Supply Chain Integrity, which is regularly bundled with Supply Chain Security. As opposed to supply chain security, which is focused on protecting those products or materials transiting the supply chain, supply chain integrity focuses on the provenance, authenticity and traceability of those products or materials. Supply Chain Integrity starts with raw materials and ends with the end user.
Zero-COVID Protests in China May Imperil Global Supply Chains – Interos
Since the onset of the COVID-19 pandemic, China has pursued a strict zero-COVID policy, employing draconian containment measures to limit transmission. This approach has limited fatalities but also severely impacted China’s economy, ensnarled global supply chains and —this past week — has fostered some of China’s most-visible protests and public dissent in years.
Russian Software Pushwoosh Highlights Need for Vigilance on Foreign Ownership Risks in Supply Chain
This week’s disclosure of a Russian firm masquerading as an American company highlights yet again the potential security concerns hidden within software supply chains.
The company, Pushwoosh, provides coding language and data processing for companies building software applications. Its code allows software developers to track and profile app users to customize the notifications they receive.
While Reuters’ exclusive story noted Pushwoosh’s integration with the Centers for Disease Control and Prevention (CDC), that agency was far from alone. Interos’ own analysis has identified additional industries and countries most at-risk of exposure to Pushwoosh code and potential data breaches.
Beyond Cybersecurity Frameworks
The last couple of years have been filled with what seems like countless high-profile cyber attacks — SolarWinds and Colonial Pipeline immediately come to mind.
Add to that the top six breaches that occurred in the U.S. and other countries in the first six months of this year, and we can see that hacks, scams, breaches and ransomware are the norm, not the exception. Although the U.S. government is doing its part to offer executive guidance and create meaningful security frameworks to combat new and ongoing threats, the onus must fall on the private sector to adopt, manage and revisit their security best practices if we are to get ahead of constantly evolving cyber threats.
When will SBOMs finally benefit the federal government’s software supply chain?
Software bill of materials (SBOMs), an ingredient list for software, are going to finally provide missing foundational information on software consumption so federal agencies can improve their software supply chain security … someday. To be sure, the Commerce Department has nurtured an SBOM-interested community for years and those efforts have benefited many industries, especially medical device companies. A recent executive order singled out the utility of SBOMs.
‘It has to work’: Inside the military’s race to solve an ejection seat safety conundrum
WASHINGTON — It was during a routine inspection in April that an Air Force technician found a single faulty Cartridge Actuated Device in the ejection seat of an F-35 at Hill Air Force Base, Utah. The device — known colloquially as CAD — contained no magnesium powder, a necessary material for generating the explosive charge that allows a pilot to begin ejecting from an aircraft.
At first, the potential issue was believed to be confined only to the F-35. By late July, however, the problem appeared more widespread, potentially impacting hundreds of aircraft across the US military’s tactical and training jet inventory that use ejection seats made by Martin-Baker, the UK-based firm that is one of two suppliers of ejection seats for the Defense Department.