Information Technology

The battle over abortion and women’s rights to healthcare reached a peak in the United States the moment the landmark Roe v. Wade case was overturned by the Supreme Court. In a number of states, both now and expected in the coming weeks, providing abortion healthcare services will be made illegal, or so restricted they will be almost impossible to obtain. Concerns have now been raised over period tracking apps’ data practices and security, and what their use could mean for those able to get pregnant in the future.     The message is simple: You should stop using them. As warned by Professor Gina Neff, you should “delete every digital trace of any menstrual tracking.”This is why.  More

Image: Getty Images/Maskot Four in 10 UK cyber leaders say stress could push them to leave their job within the next year, according to a new study. Combined with the ongoing skills crisis, mass resignation could leave many sectors in a precarious situation.  Cybersecurity services company Bridewell surveyed 521 critical national infrastructure decision-makers across multiple […] More

Image: Getty A recently developed form of malware has quickly become a key component in powering ransomware attacks.  The malware, called Bumblebee, has been analysed by cybersecurity researchers at Symantec, who’ve linked it to ransomware operations including Conti, Mountlocker and Quantum.   “Bumblebee’s links to a number of high-profile ransomware operations suggest that it is […] More

Image: Shutterstock A newly discovered remote access trojan (RAT) called ZuoRAT has targeted remote workers by exploiting flaws in often unpatched small office/home office (SOHO) routers.  Researchers at Lumen’s Black Lotus Labs threat intelligence unit report that ZuoRAT is part of a highly targeted, sophisticated campaign that has been targeting workers across North America and […] More

A list detailing the top 25 “most dangerous” software flaws, some of which could allow attackers to take over a system, has been published The list was developed by the Homeland Security Systems Engineering and Development Institute, sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE. It uses Common Vulnerabilities and […] More

Image: Dzelat/Shutterstock Scammers or criminals are using deepfakes and stolen personally identifiable information during online job interviews for remote roles, according to the FBI.  The use of deepfakes or synthetic audio, image and video content created with AI or machine-learning technologies has been on the radar as a potential phishing threat for several years. ZDNet […] More

Cyberattackers are targeting rare earth mining companies in a new campaign designed to keep China in a dominant market position.On June 28, Mandiant published new research into Dragonbridge, a misinformation program focused on disrupting rare earth facilities. The rare earths market is driven by demand for consumer products, including smartphones and PCs, due to their role in the development of electronics, circuit boards, and batteries. The aerospace and military tech industries also rely on rare earth supplies.  China is one of the world’s largest exporters of rare earth elements. Despite the country’s current dominant position, the Dragonbridge group, known to promote the political interests of the People’s Republic of China (PRC), is working to disrupt suppliers and rare earth processors outside of the country.  Dragonbridge is a vast network comprising thousands of accounts on numerous social networks and communication channels. According to Mandiant, the network has been active since 2019, twisting and publishing narratives online that benefit China’s ruling party.  However, recently, the researchers have monitored a change in tactics, leading to an expansion into misinformation campaigns targeting mining companies.  Among the firms on the target list are Australian mining company Lynas Rare Earths Ltd. Now, Dragonbridge is turning its attention to Canada and the United States. This month, the misinformation group was linked to propaganda activities focused on tarnishing the reputations of Canada’s Appia Rare Earths and Uranium Corp., as well as USA Rare Earth. Specifically, the group appears to be promoting material in criticism of new mining and production facilities.  Appia has located a potential site for mining in Northern Saskatchewan, Canada, while USA Rare Earth intends to construct a new facility in Oklahoma later this year. The misinformation network runs thousands of fake accounts on platforms including Facebook and Twitter. The majority of content is posted by fake concerned US “citizens” in English, with a scattering of posts also written in the Chinese and Malay languages.  A potential reason for this shift in tactics is the US 2022 Defense Production Act (DPA) Title III. The act has been signed by US President Biden to encourage the domestic production of rare earths and other materials, thereby lessening reliance on exports from other countries, including China. It should also be noted that companies targeted by Dragonbridge are large enough that they could potentially threaten China’s dominant position in the future.  “While the activity we detail here does not appear to have been particularly effective and received only limited engagement by seemingly real individuals, the campaign’s microtargeting of specific audiences suggests the possibility of using similar means to manipulate public discourse surrounding other US political issues to the PRC’s advantage,” the researchers said.Mandiant has contacted the companies at the heart of Dragonbridge’s campaigns, alongside the social networks used by the group to promote its narratives. “An economic decoupling with China will only encourage more victimization of the private sector by Chinese actors,” commented John Hultquist, VP of Mandiant Intelligence. “Unfortunately, businesses will be on the front lines of a fight that may not be fair.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Software Bill of Materials (SBOM)s aren’t optional anymore. If we really want the applications we’re running in containers to be secure, we must know what’s what within them. To make that easier, Codenotary, a leading software supply chain security company, is launching its new SBOM Operator for Kubernetes in both its open-source Community Attestation Service and its flagship service, Codenotary’s Trustcenter.
Open Source
An SBOM (pronounced S-Bomb) is a record containing the details and supply chain relationships of the components used in building software. Since most programs today are made by assembling existing open-source and commercial software components, it’s essential to know the name and specific versions of all these elements. For instance, a program using Apache Log4j2 versions 2.17.0 is vulnerable to Log4Shell attacks. One using Log4j2 2.17.1 or newer is as safe as houses. Now, you could check for that and thousands of other potential vulnerabilities by hand, or you could turn to a service like Codenotary’s new offering. I know which one I’d pick. The SBOM Operator for Kubernetes mitigates the risk of software supply chain attacks by tracking all software and software dependencies running in Kubernetes. It does this by generating SBOMs of your running container images and maintaining up-to-date records of all builds, and dependencies. SBOM Operator builds its SBOMs using its own SBOM generator. When a new vulnerability shows up — and trust me, one will — this lets you know that it’s time to make a fix when dangerous or vulnerable artifacts are detected.To make this keep working properly, Codenotary continuously updates its SBOM records, This data is kept in its open-source speedy, immutable database, Immudb. This is a zero-trust tamper-proof, auditable database. The container image files are kept in a Git repository.Codenotary claims this information is instantly available for search. With it, you can locate the software artifacts in your code in seconds. The program also keeps a history of verified image content changes.”By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update,” said Dennis Zimmer, Codenotary’s co-founder and CTO. “Now, users know exactly what is running in containers, with the most recent information, so they have the ability to immediately remediate something if necessary.”SBOM Operator’s chief programmer, Christian Kotzbauer, said, “I am pleased to contribute to the wider adoption and use of SBOMs with the Codenotary integration in my Kubernetes operator, especially the additional security, timestamp, and search capabilities across the infrastructure were key to developing the extension. This is another step forward in Codenotary’s efforts to provide comprehensive tools for cataloging and securing the software development lifecycle. Its programs and services, both free and paid, deserve Kubernetes developers’ attention.Related Stories: More