Search results for: supply chain compromise


Supply chain compromise: Adding undetectable hardware Trojans to integrated circuits

Is it possible for attackers to equip integrated circuits with hardware Trojans that will not change the area or power consumption of the IC, thus making them indiscernible through power-based post-fabrication analysis? A group of researchers from the National University of Sciences and Technology (Islamabad, Pakistan), the Vienna University of Technology and New York University have proven it is. They have also demonstrated that hardware Trojans (HTs) can be implanted not only by adding … More

Enterprise IT supply chains will be compromised

Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward, according to Gartner. By 2017, IT supply chain integrity will be identified as a top three security-related concern by Global 2000 IT leaders. Supply chain integrity is the process of managing an organization’s internal capabilities, as well as its partners and suppliers, to ensure all elements of an integrated … More

Sixgill launches Integrity 1.0 for blockchain-enforced data authenticity

Sixgill, a leader in data automation and authenticity products and services, announced the commercial launch of Sixgill Integrity 1.0 for blockchain-enforced data authenticity. Sixgill Integrity fulfills the critical enterprise need for end-to-end, real-time data authenticity assurance with robust capabilities to monitor and guarantee the veracity of any data stream, including today’s sensors emitting time-series data in any form. Integrity provides organizations with absolute assurance that the data they create, transmit, process, act on, and store … More


Security leaders lack confidence in the supply chain, fear third-party attacks

An overwhelming number of cybersecurity professionals (89%) have expressed concerns about the third-party managed service providers (MSPs) they partner with being hacked, according to new research from the Neustar International Security Council. Survey participants in July 2019 comprise 314 professionals from across six EMEA and US markets. While most organizations reported working with an average of two to three MSPs, less than a quarter (24%) admitted to feeling very confident in the safety barriers they … More


Is there a weak link in blockchain security?

Recent research revealed that blockchain is set to become ubiquitous by 2025, entering mainstream business and underpinning supply chains worldwide. This technology is set to provide greater transparency, traceability and immutability, allowing people and organizations to share data without having to be concerned about security. However, blockchain is only as strong as its weakest link. Despite the hails surrounding blockchain’s immutable security, there are still risks surrounding it that organizations must be aware of – … More


Supply chain attacks: Mitigation and protection

In software development, a supply chain attack is typically performed by inserting malicious code into a code dependency or third-party service integration. Unlike typical cyber attacks, supply chain attacks provide two major advantages to attackers. Firstly, a single supply chain attack can target multiple companies at once (since multiple companies use the same code dependencies and third-party scripts); as such, the potential return on investment of the attack is higher. Secondly, and unlike common cyber … More

Framing supply chain attacks

The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As the NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.” … More


ASUS confirms server compromise, releases fixed Live Update tool

ASUS has finally confirmed that its servers were compromised and that its ASUS Live Update tool has been tampered with, as revealed on Monday. “ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated … More


Attackers compromised ASUS to deliver backdoored software updates

Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of customers, Kaspersky Lab researchers discovered. Judging by information hard-coded in the malware, the attackers’ aim was to compromise about 600 specific computers, but the malware is thought to have been ultimately delivered to over a million users. Asus Live Updater was used in a big supply … More


Phishing, software supply chain attacks greatest threats for businesses

Attackers continue to use phishing as a preferred attack method, but have been forced to adapt their approach as anti-phishing tools and techniques are becoming more sophisticated. The phishing threat “Phishing attacks have become increasingly polymorphic, which means attackers don’t use a single URL, domain, or IP address to send mail, but make use of a varied infrastructure with multiple points of attack. The nature of the attacks themselves has also evolved, with modern phishing … More


PHP PEAR supply chain attack: Backdoor added to installer

Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. What happened? The PEAR project maintains a system for distributing PHP software code and for managing free code libraries (aka packages) written in the popular programming language. On Saturday, the project’s site (located at has been temporarily disabled and visitors were pointed towards a short warning saying that anyone … More