supply chain

Big Data, Security Drive Dell In Post-PC Future

If you consider how the Internet of Things is transforming the technology industry, one of the most interesting and thought-provoking areas to pay attention to is what we might consider technology “majors” – firms like HP and IBM and Cisco that made their mark (and their hundreds of billions) serving the needs of an earlier generation of technology consumers. How these established technology firms are pivoting to address the myriad challenges posed by the “Internet of Things” tells us a lot about how the IoT market is likely to shake out for consumers and – more pressingly- the enterprise.

Continue Reading

More Supply Chain Woes: DeathRing Is Factory-Loaded Smartphone Malware

The folks over at Lookout Security have an interesting blog piece on “DeathRing,” a Chinese Trojan that comes pre-installed on a number of smartphones most popular in Asian and African countries. According to the bulletin, the Trojan masquerades as a ringtone app, but downloads an SMS and WAP (or “wireless access protocol” ) content from a command and control server to the victim’s phone once it is installed. That downloaded content can be used for various malicious, money-making schemes, according to Lookout. For example, DeathRing can use the SMS content to send phishing text messages to the phone to elicit sensitive information from the user. The WAP content to manipulate a mobile user’s web browsing session. For example: the attackers might prompt victims to download additional mobile applications or add-ons, potentially extending their reach over the victim’s device and data. [Read more Security Ledger coverage of supply chain risks.] Lookout […]

Continue Reading

Top News Sites Hacked, Syrian Electronic Army Claims Responsibility

The hacktivist group the Syrian Electronic Army claimed responsibility yesterday for a series of hacks of high-profile news sites including CBC News and The New York Times. The group, which has targeted western news outlets in prior incidents, claimed responsibility for the attack, in which visitors reported seeing a pop-up message informing visitors of the compromise. Through a Twitter account group claimed to have used the domain Gigya.com, which sells identity management services to corporations. The attackers manipulated Gigya’s account at domain registrar GoDaddy. Gigya’s operations team released a statement Thursday morning saying that it identified an issue with its domain registrar at 6:45 a.m. ET. The breach “resulted in the redirect of the Gigya.com domain for a subset of users,” CBC reported. Read more via Syrian Electronic Army claims hack of news sites, including CBC – Technology & Science – CBC News.

Continue Reading

Biggest Threat to Critical Infrastructure? Lack of Imagination

The threats to critical infrastructure in the U.S. and elsewhere are so plentiful that even trying to enumerate them is futile (and not a bit depressing). But – if we were to rank them in order of importance – what would be at the top of that list? Clearly, as this blog has noted, software security is a major concern. Recently, the Industrial Control System CERT (ICS-CERT) warned about a sophisticated malware campaign targeting users of HMI (human-machine-interface) technology from leading vendors.  In at least some cases, the systems targeted were exposed directly to the Internet, making compromise simple. In other cases, industrial control system software is deployed with default administrator credentials, or easy to guess passwords. In other words: while some attackers are persistent and clever, many critical infrastructure owners make their job pretty easy. So, perhaps, its not software insecurity that belongs at the top of the list, […]

Continue Reading

Third Party Vendor Source of Breach at Home Depot

Add Home Depot to the list of companies who have been victimized as a result of a third party contractor or supplier. The home improvement giant said in a statement on Thursday that the criminals that attacked the company’s network first gained access to the “perimeter” of Home Depot’s network. Target, the box store retailer, sketched out a similar scenario to describe the breach that resulted in the theft of 70 million credit cards numbers from its customers. In that case, a company that serviced HVAC systems in Target’s headquarters was reported as the source of the breach. Home Depot said that attackers were able to move within its network by elevating their level of network access and install what Home Depot described as “unique, custom-built malware” on self-checkout systems in the U.S. and Canada. The revelations about the circumstances of the breach came on a day when Home Depot […]

Continue Reading
1 12 13 14 15 16 21