supplychain   2483

Twitter
“Uber yourself before you are Kodak’d” at a customer internal event in The Hague
supplychain  from twitter
3 days ago by TomRaftery
What are some good entry level jobs in the supply chain field? : supplychain
I'm majoring in SC Mgmt and Analytics and will be a senior next year. I need something to do this summer and want to make it relevant to my field....
supplychain 
4 days ago by aliksd
REPORT: Tainted Garments: The Exploitation of Women and Girls in India’s Home-based Garment Sector
Conducted by leading labour experts at the University of California. Key findings:
99.3% of the workers are either Muslims or belong to a heavily subordinated community, called a “Scheduled Caste.”
99.2% of workers toil in conditions of forced labour under Indian law, which means they do not receive the state stipulated minimum wage. In fact, most workers received between 50% and 90% less than the state-stipulated minimum wages. Only a handful of males working near the city of Jaipur received proper wages for their work.
95.5% of workers are female.
2019  India  caste  dalit  bondedlabour  slavery  slaverykey  slaveryindiakey  indiakey  businesskey  businessandhr  business  supplychain  Report  study  children  labour  dalitwomen  women  childlabour 
19 days ago by idsn
Study finds Dalits working in forced and child labour in India’s garment industry (IDSN News)
An extensive study on home-based garment workers in India found 99 per cent of workers toiled in conditions of forced labor under Indian law, with over 99 per cent of the workers found to be either Dalits or Muslims. The prevalence of child labour was over 15 per cent and many cases of bonded labour were also documented. 85 per cent of the workers supplied global brands. The report “Tainted Garments: The Exploitation of Women and Girls in India’s Home-based Garment Sector” was conducted by leading labour experts at the University of California.
2019  India  IDSN  idsnnews  news  caste  dalit  bondedlabour  slavery  slaverykey  slaveryindiakey  indiakey  businesskey  businessandhr  business  supplychain  Report  study  children  labour  dalitwomen  women  childlabour 
19 days ago by idsn
Twitter
The Design to Operate interactive Demo at , including eye movement Tracking to move into favourit…
Supplychain  HM19  from twitter_favs
20 days ago by TomRaftery
Twitter
Awesome - Bumble Bee Foods, SAP Create Blockchain to Track Fish Ocean to Table
blockchain  supplychain  from twitter
21 days ago by TomRaftery
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard
half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems

new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine

The infamous Flame spy tool, developed by some of the same attackers behind Stuxnet, was the first known attack to trick users in this way by hijacking the Microsoft Windows updating tool on machines to infect computers
asus  cybersecurity  backdoor  kaspersky  ioc  apt  supplychain  scrm 
24 days ago by bwiese
Operation ShadowHammer | Securelist
certain evidence we have collected allows us to link this attack to the ShadowPad incident from 2017. The actor behind the ShadowPad incident has been publicly identified by Microsoft in court documents as BARIUM. BARIUM is an APT actor known to be using the Winnti backdoor. Recently, our colleagues from ESET wrote about another supply chain attack in which BARIUM was also involved, that we believe is connected to this case as well.

https://shadowhammer.kaspersky.com - check MAC addresses targeted

Kaspersky Lab verdicts for the malware used in this and related attacks:

HEUR:Trojan.Win32.ShadowHammer.gen

Domains and IPs:

asushotfix[.]com
141.105.71[.]116

Some of the URLs used to distribute the compromised packages:

hxxp://liveupdate01.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER365.zip
hxxps://liveupdate01s.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER362.zip
hxxps://liveupdate01s.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER360.zip
hxxps://liveupdate01s.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER359.zip

Hashes (Liveupdate_Test_VER365.zip):

aa15eb28292321b586c27d8401703494
bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19
cybersecurity  asus  backdoor  scrm  kaspersky  ioc  supplychain 
24 days ago by bwiese
Some ASUS Updates Drop Backdoors on PCs in 'Operation ShadowHammer' | Threatpost
A supply-chain attack dubbed “Operation ShadowHammer” has been uncovered, targeting users of the ASUS Live Update Utility with a backdoor injection. The China-backed BARIUM APT is suspected to be at the helm of the project.

According to Kaspersky Lab, the campaign ran from June to at least November 2018 and may have impacted more than a million users worldwide – though the adversaries appear to have been after specific victims in Asia.

The threat surface is not small: The ASUS Live Update Utility is a pre-installed utility in most new ASUS computers, for automatic BIOS, UEFI, drivers and applications updates.

True to their APT nature, the attackers were interested in a specific subset of users. About 600 hard-coded MAC addresses were found in the backdoor code (MAC addresses uniquely identify a network adaptor that connects a computer to a network); if the victim’s machine didn’t match up with one of the specified MAC addresses, the malware went dormant. If it did, the malware downloaded the next payload.

230 different backdoored samples

BARIUM, a Chinese state player that also goes by APT17, Axiom and Deputy Dog, was previously linked to the ShadowPad and CCleaner incidents, which were also supply-chain attacks that used software updates to sneak onto machines.
asus  backdoor  apt  china  bios  uefi  scrm  supplychain 
24 days ago by bwiese
