supply-chain attack


description: a cyber-attack that targets vulnerabilities in the supply chain of a product or system

9 results

Software Engineering at Google: Lessons Learned From Programming Over Time

by Titus Winters, Tom Manshreck and Hyrum Wright  · 17 Mar 2020  · 214pp  · 31,751 words

.html 8 https://docs.bazel.build/versions/master/skylark/rules.html 9 https://blog.bazel.build/2017/08/25/introducing-sandboxfs.html 10 Such “software supply chain” attacks are becoming more common: https://blog.sonatype.com/2018-state-of-the-software-supply-chain-report 11 Go recently added preliminary support for modules using

A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back

by Bruce Schneier  · 7 Feb 2023  · 306pp  · 82,909 words

to penetrate them all. Instead, it chose carefully from its cornucopia of vulnerable victims to find the most valuable prospects. This is known as a “supply chain attack,” because the SVR didn’t attack any of those networks directly. Instead, it attacked a software system that all of those networks used

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth  · 9 Feb 2021  · 651pp  · 186,130 words

’t tell me who—had hired him to investigate its appliances. Sure enough, he confirmed that someone had compromised its firmware in the most sophisticated supply-chain attack he had ever seen, the kind Gosler told me only Tier I nation-states were capable of. “This attack wasn’t the work of cybercriminals

, here unveiling the plot behind, here Sulzberger, A. G., here Sulzberger, Arthur Jr., here, here, here, here, here Sun Microsystems, here, here Sun Tzu, here supply-chain attacks, here Surlyspawn (NSA), here surveillance resistance movement, here surveillance technology on cell phones, here, here, here, here China, here click-and-shoot, here corrupt use

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

by Andy Greenberg  · 5 Nov 2019  · 363pp  · 105,039 words

,” Roads and Kingdoms, Oct. 6, 2017, https://roadsandkingdoms.com. APPENDIX SANDWORM’S CONNECTION TO FRENCH ELECTION HACKING ESET had found: Anton Cherepanov, “TeleBots Are Back: Supply Chain Attacks Against Ukraine,” We Live Security (ESET blog), June 30, 2017, www.welivesecurity.com, archived at bit.ly/2UEDQEo. BIBLIOGRAPHY Applebaum, Anne. Red Famine. New York

The Wires of War: Technology and the Global Struggle for Power

by Jacob Helberg  · 11 Oct 2021  · 521pp  · 118,183 words

diseased limb.” Ostensibly, the Obama administration quietly warned key businesses away from Supermicro. The incident, if it indeed occurred, would have constituted “the most significant supply chain attack known to have been carried out against American companies.”57 This is the glaring vulnerability of basing critical supply chains within China’s borders. When

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks

by Scott J. Shapiro  · 523pp  · 154,042 words

. In March 2020, SolarWinds had pushed a “patch” that was intended to fix security vulnerabilities but ultimately implanted malware on its clients. Known as a supply-chain attack, the hack infiltrated eighteen thousand networks. Not only were major agencies of the U.S. government compromised, including the Pentagon, the Department of Justice, and

Recall the SolarWinds hack described in the introduction: Russian intelligence (most likely Cozy Bear) infiltrated eighteen thousand computer networks across the globe through a clever supply-chain attack. It compromised SolarWinds’ update servers and planted malware inside “patches.” When the company pushed an update in March 2020, Russian intelligence had access to the

law forbids Russia from spying on America, it permits America to spy on Russia. Vice versa for Russian law. The SolarWinds hack was espionage. The supply-chain attack was designed to infiltrate the networks of U.S. government organizations and major corporations to collect information relevant to Russia’s national security. Espionage is

or foolproof”: Evans v. General Motors Corporation, No. 359 F.2d 822, U.S. 7th Circuit, April 15, 1966. trusted SolarWinds: Cozy Bear launched another supply-chain attack, placing malware in Microsoft Office copies sold by resellers. It also compromised the authentication system used by Microsoft and VMWare, the largest developer of virtualization

-property-with-respect-to-specified-harmful-foreign-activities-of-the-government-of-the-russian-federation/. OFAC notice: https://home.treasury.gov/news/press-releases/jy0126. supply-chain attack: On the effort to increase supply-chain security, see White House, “Executive Order on America’s Supply Chains,” February 24, 2021, https://www.whitehouse.gov

Snowden, Edward: background of; citizen surveillance revelations of; on foreign cyberespionage tactics; public opinion of social inequities software development, see programming and software development SolarWinds supply-chain attack Solomon, Alan solutionism Spafford, Eugene speculative execution attacks SQL injections Stellarwind Sterritt, Aaron Stimson, Henry Stone, Roger stressor services Stuxnet Sudduth, Andy Sunstein, Cass

supply-chain attacks surveillance; capitalism; government; see also cyberespionage; espionage Swimmer, Morton Tait, Matt Tamene, Yared TCP/IP protocols Telnet Terminator (movie) Thaler, Richard Thomas, Bob Thompson, Ken

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World

by Bruce Schneier  · 3 Sep 2018  · 448pp  · 117,325 words

before they get here. OUR SUPPLY CHAINS ARE INCREASINGLY VULNERABLE There’s another class of attacks that we have addressed only peripherally, and that’s supply-chain attacks. These are attacks that target the production, distribution, and maintenance of computers, software, networking equipment, and so on—everything that makes up the Internet+, which

mistrust of, 208, 220 policy challenges in, 99, 100–101, 192–206 regulatory bodies, 121, 144, 150–52, 156–59, 192 and security standards, 167 supply-chain attacks on, 87–89 surveillance by, 64–68, 172, 195, 208 vulnerability disclosure by, 163 Greer, John, 126 GTT Communications, 115 Gutenberg, Johannes, 24 hacking: catastrophic

, 116, 118 missions of, 160–61, 172 mistrust of, 208 reorganization (2016) in, 173 and security standards, 167–70 splitting into three organizations, 172–73 supply-chain attacks by, 87 surveillance by, 65, 66–67, 190, 202 NSO Group, 65 Nye, Joseph, 157 Obama, Barack, 66, 69, 92, 117, 163, 180, 208 Ochoa

–68 standard: mandatory, 145 use of term, 122 voluntary, 151 stingray, 168 stock market, flash crash of, 85 Stuxnet computer worm, 50, 71, 72, 79 supply-chain attacks, 87–89 surveillance: anonymity eliminated via, 53, 201 baby monitors, 133–35 and censorship, 67–68 and control, 62–63, 65–68 and espionage, 65

Four Battlegrounds

by Paul Scharre  · 18 Jan 2023

poisoning, and the model’s architecture. Defending against data poisoning attacks is, similar to adversarial attacks, an open area of active research. Other methods include supply chain attacks that target machine learning resources that are freely available online, such as datasets, pretrained models, and machine learning libraries. Shared resources and online repositories have

Engineering Security

by Peter Gutmann

for an attacker to send out a bogus update that compromises the system’s security (for example by leaking the encryption key), a so-called supply-chain attack? How are the updates authenticated? Can the user install them or does it require intervention by an administrator? How much proof of authorisation does the

replacement devices (if you are going to do this and you’re worried about fairly dedicated opponents then you need to watch out for a supply-chain attack in which an attacker sends out trojaned hardware, although in the case of VoIP boxes there are far easier ways to get at someone’s