November 2024 Newsletter
Posted By: Mark
Tuesday 17th December 2024
Tags: AI, Artificial Intelligence, cyber attacks, cyber crime, Cyber Fraud, Cyber Security, Data Breach, Data Leak, Data Protection, Google, Newsletter, ransomware, technology
This month: Blue Yonder Supply Chain Attacks, Google’s Big Sleep Project, Five Eyes Vulnerability report, Japan’s Digital End-Of-Life recommendations, Tech Present ideas for Christmas, plus LaneSystems at the Meldrum Demo Ball.
Blue Yonder Supply Chain Attacks
Blue Yonder, formerly known as JDA Software and a leading supply chain management software provider, was the victim of a ransomware attack on November 21st. This latest supply chain attack disrupted Blue Yonder’s managed services hosted environment, causing significant disruptions across various sectors and affecting several of its high-profile clients.
What is a Supply chain attack?
Supply chain attacks are a type of cyberattack where attackers target vulnerabilities within a supply chain to compromise larger organisations. These attacks can occur in both software and hardware supply chains, and they often involve inserting malicious code or components into products or services that are then distributed to end users.
In typical supply chain attacks, cybercriminals exploit flaws in third-party vendors or service providers that have access to the target’s systems. This can be done through various methods, such as:
- Inserting Malicious Code: Attackers may inject malware into software updates or applications provided by a trusted vendor. When the compromised software is installed or updated, the malware is executed, giving attackers access to the target’s systems.
- Compromising Hardware: Attackers can tamper with hardware components during manufacturing or distribution, embedding malicious elements that can be activated once the hardware is in use.
- Exploiting Third-Party Services: Attackers may target third-party services or tools that are integrated into the target’s systems, using these dependencies to gain unauthorised access.
Problems Caused by the Blue Yonder Supply Chain Attacks
Supply chain attacks can lead to a wide range of problems for affected organizations, including:
- Data Breaches: Attackers can gain access to sensitive information, such as customer data, intellectual property, and financial records.
- Operational Disruptions: Compromised systems can lead to downtime, delayed deliveries, and disruptions in manufacturing processes.
- Financial Losses: Companies may face significant financial losses due to ransom payments, recovery costs, and lost business opportunities.
- Reputational Damage: A successful supply chain attack can damage an organisation’s reputation, leading to a loss of customer trust and potential legal liabilities.
- Regulatory Non-Compliance: Organisations may face regulatory penalties if they fail to protect sensitive data or comply with cybersecurity standards.
Who was affected by the Blue Yonder Supply Chain Attacks?
Blue Yonder’s software is integral to the supply chain operations of many large companies. The ransomware attack caused delays and issues in the supply chains of clients such as Starbucks, Morrisons, and Sainsbury’s, who have reported operational disruptions due to the attack.
For instance, Starbucks faced issues with payroll and staff scheduling systems, impacting 11,000 stores in North America. Similarly, UK supermarkets Morrisons and Sainsbury’s experienced interruptions in their supply chain management systems, leading to challenges in maintaining the smooth flow of goods to their stores.
The attack has also affected other high-profile clients, including Procter & Gamble, Anheuser-Busch, and various other grocery chains in both the UK and US. These disruptions highlight the interconnected nature of modern supply chains and how a cyberattack on one company can ripple through to affect many others.
Who is responsible for the Supply Chain Attacks?
At time of writing, no threat actors have claimed responsibility for the attack, and the ransom demand, if any, remains undisclosed. It is also unclear whether any company or customer data was compromised during the attack. Blue Yonder has been working with external cybersecurity firms to restore services and implement defensive and forensic protocols. However, the recovery process is ongoing, and the company has not provided a specific timeline for full restoration.
This incident underscores the importance of robust cybersecurity measures and the potential widespread impact of cyberattacks on supply chain networks. It’s a reminder of the far-reaching impact of ransomware attacks on global operations.
If you’re a business in the North East of England and looking for IT and Cyber Security services, get in touch.
LaneSystems News
Meldrum Demolition Ball
LaneSystems recently attended this year’s Meldrum Demolition Ball. The ‘Demo Ball’, which has been held annually since 2009, has raised over £170k to date for local charities and good causes.
Meldrum Construction has been a valued client of ours for many years, and our team keeps a very close relationship with them – we place a technician on site three days a week. Michel, along with Matty and Damian – who are the technicians working most closely with Meldrum – attended the event.
Thanks to Meldrum for putting on a wonderful night and raising more money for great causes.
LaneSystems Charity News
As part of our own ongoing charity work, we donate various pieces of equipment to our Citizens Advice clients to aid in their important work.
We recently provided Citizens Advice Newcastle with a large screen and webcam, worth £648, for their meetings.
Happy Anniversary Jason
It’s a happy 2nd anniversary to our Project Engineer, and cloud technologies expert, Jason Wetherall. Thank you for your continued hard work in implementing top-tier IT systems for our clients.
Google’s Big Sleep Project
Google’s “Big Sleep” AI project is a fascinating initiative aimed at leveraging artificial intelligence to uncover real-world software vulnerabilities. Here’s a detailed report on the project and its capabilities:
What is Big Sleep?
“Big Sleep” is an AI-powered framework developed by Google, specifically designed to mimic the workflow of a human security researcher. The project was initially dubbed “Project Naptime” before being renamed to “Big Sleep,” reflecting the goal of allowing human researchers to “take regular naps” while the AI handles the heavy lifting.
AI-Driven Vulnerability Discovery
“Big Sleep” uses a large language model (LLM) trained in-house by Google to analyse code and identify potential security flaws. This AI agent is equipped with specialised tools to examine the computer code of specific programs, looking for vulnerabilities that might be missed by traditional methods.
Fuzzing and Beyond
While traditional fuzzing techniques involve providing invalid, unexpected, or random data as inputs to a program to find vulnerabilities, “Big Sleep” enhances this process. It automates the development of fuzz targets, making the process more efficient and effective.
Complementing Traditional Methods
“Big Sleep” is designed to complement traditional vulnerability discovery methods. While fuzzing remains effective, the AI’s ability to perform high-quality root-cause analysis and triage issues can make the process of fixing vulnerabilities cheaper and more efficient.
Real-World Impact
One of the significant achievements of “Big Sleep” is the discovery of a previously unknown and exploitable bug in SQLite, an open-source database engine. This vulnerability, a stack buffer underflow, was identified and reported before it could be exploited in the wild, prompting SQLite to issue a fix.
The discovery of the SQLite vulnerability marks the first known instance of an AI agent finding a previously unknown, exploitable memory-safety issue in widely used real-world software. While this is the first publicly known vulnerability discovered by Big Sleep, it showcases the tool’s capabilities and the promise of AI-driven vulnerability research. The success of Big Sleep in identifying this critical flaw suggests that it may uncover more vulnerabilities in the future as it continues to evolve and be applied to other software.
By automating parts of the vulnerability discovery process, “Big Sleep” has the potential to significantly enhance software security, providing defenders with an asymmetric advantage over attackers. Google’s “Big Sleep” AI project could be a significant advancement in the field of cybersecurity.
Make sure your IT systems are secure with our cyber security services that support clients throughout the North East of England from our offices in Stockton-on-Tees. Get in touch today.
Five Eyes Lists Most Exploited flaws of 2023
In a co-authored advisory released on November 14th, the Five Eyes agencies detailed the top 15 most routinely exploited vulnerabilities, highlighting that, for the first time since these annual reports began, most of the listed vulnerabilities were initially exploited as zero-days.
The Five Eyes, a long-standing intelligence-sharing alliance comprising the United States, the United Kingdom, Canada, Australia, and New Zealand, has recently released a comprehensive list of the most exploited software vulnerabilities from 2023. This annual report is a crucial resource for cybersecurity professionals, as it highlights the most significant threats and provides insights into the tactics used by malicious actors. The 2023 list underscores the increasing sophistication of cyberattacks and the persistent challenges faced by organizations in securing their digital environments.
The Five Eyes most exploited flaws report is typically released with a delay because it takes time to gather comprehensive data, analyse trends, and verify the accuracy of the information. The process involves collecting data from various sources, including cybersecurity agencies, software vendors, and incident response teams. Once the data is collected, it must be carefully analysed to identify patterns and determine which vulnerabilities were most frequently exploited.
The report aims to provide a complete and accurate picture of the threat landscape, and while the delay may seem significant, it is a necessary part of ensuring the report’s reliability and usefulness for cybersecurity professionals.
The Most Exploited Vulnerabilities of 2023
The 2023 report identifies the top 15 most exploited software vulnerabilities, which have been actively targeted by cybercriminals throughout the year. These vulnerabilities span a range of software products and platforms, reflecting the diverse attack surfaces that companies must defend.
- Citrix NetScaler ADC and Gateway: Topping the list is a remote code execution vulnerability in Citrix NetScaler ADC and Gateway versions 12 and 13. This flaw allows attackers to execute arbitrary code on affected systems, potentially leading to full system compromise.
- Cisco IOS XE: Cisco’s IOS XE operating system is also prominently featured, with multiple vulnerabilities being exploited. One of the most severe issues involves attackers creating local accounts and elevating their privileges to root, allowing them to take full control of the system.
- Fortinet FortiOS and FortiProxy: Fortinet’s FortiOS and FortiProxy products are vulnerable to a heap-based buffer overflow, which can be exploited to execute arbitrary code remotely. This vulnerability has been actively targeted by attackers seeking to compromise network security appliances.
- Progress MOVEit Transfer: An SQL injection vulnerability in Progress MOVEit Transfer allows attackers to access and manipulate databases, posing a significant risk to data integrity and confidentiality. This flaw has been exploited in the wild since May 2023.
- Atlassian Confluence: Atlassian’s Confluence Data Center and Server products are affected by an improper input validation flaw, which enables attackers to create admin-level accounts and execute arbitrary code. This vulnerability has been a popular target for cybercriminals.
The Rise of Zero-Day Exploits
One of the most concerning trends highlighted in the report is the increased exploitation of zero-day vulnerabilities. Zero-day vulnerabilities are flaws that are unknown to the software vendor and have no available patches at the time of discovery. These vulnerabilities are highly prized by attackers because they provide a window of opportunity to compromise systems before defences can be implemented.
The report notes that the routine exploitation of zero-day vulnerabilities has become the “new normal”, posing significant challenges for organisations and software vendors alike. To mitigate the risk of zero-day attacks, the Five Eyes agencies emphasise the importance of proactive vulnerability management, timely patching, and the adoption of secure-by-design principles in software development.
Five Eyes Recommendations
- Timely Patching: Prioritise the timely application of patches to address known vulnerabilities. Delayed patching can leave systems exposed to exploitation, increasing the risk of compromise.
- Secure Software Development: Software vendors and developers are urged to implement secure-by-design practices throughout the software development lifecycle. This includes following frameworks such as the SP 800-218 Secure Software Development Framework (SSDF) and incorporating security measures at every stage of development.
- Centralised Patch Management: Implementing a centralised patch management system can help organisations streamline the patching process and ensure that all systems are up to date. This approach can also facilitate the use of security tools such as endpoint detection and response (EDR) and web application firewalls.
- Vulnerability Disclosure Programs: Establishing coordinated vulnerability disclosure programs can help organisations identify and address vulnerabilities more effectively. These programs should include processes for determining the root causes of vulnerabilities and prioritising secure configurations.
The Five Eyes most exploited software vulnerabilities list serves as a stark reminder of the evolving cyber threat landscape. As cybercriminals continue to refine their tactics and exploit new vulnerabilities, organizations must remain vigilant and proactive in their cybersecurity efforts. If your business requires a cybersecurity audit, get in touch for a chat.
Japan Gives Citizens ‘Digital End-Of-Life’ Advice
In an increasingly digital world, the Japanese government has taken a proactive step to address a growing concern: the management of digital legacies after death. The National Consumer Affairs Center of Japan has recently advised its citizens to include their usernames and passwords for all online accounts in their wills. This initiative aims to ease the burden on surviving family members and ensure that digital assets are managed effectively and responsibly.
The Importance of Digital End-of-Life Planning
As our lives become more intertwined with digital platforms, the need for comprehensive digital end-of-life planning has become apparent. The Japanese government’s advice recognises that many people leave behind a complex web of online accounts, subscriptions, and digital assets that can be challenging for family members to manage after their passing.
One of the primary motivations behind this advice is to prevent the complications that arise when family members are unable to access the deceased’s online accounts. Without the necessary usernames and passwords, surviving relatives may struggle to cancel subscriptions, close accounts, or retrieve important information. This can lead to ongoing expenses and emotional distress during an already difficult time.
Steps to Include Digital Information in Wills
The Japanese government has outlined several steps for citizens to ensure their digital information is accessible to their loved ones:
Maintain a List of Usernames and Passwords
Individuals are encouraged to keep an updated list of their usernames and passwords for all online accounts. This list should be stored in a secure location, such as a password manager, and shared with a trusted family member or included in their will.
Document Subscriptions and Services
In addition to usernames and passwords, it’s important to document all active subscriptions and services. This includes streaming services, online shopping accounts, social media profiles, and any other digital platforms that require login credentials.
Designate a Digital Executor
Just as one might appoint an executor for their physical estate, it’s advisable to designate a digital executor. This person will be responsible for managing and closing digital accounts, ensuring that the deceased’s digital legacy is handled according to their wishes.
Use Legacy Contact Features
Some online services, such as Meta (formerly Facebook) and Apple, offer legacy contact features. These allow users to designate someone who can manage their accounts after they pass away. Utilising these features can simplify the process for surviving family members.
Environmental and Practical Benefits
The Japanese government’s advice also highlights the environmental benefits of managing digital legacies. By ensuring that unused accounts are closed and subscriptions are cancelled, the burden on data centres is reduced. This, in turn, lessens the environmental impact associated with cloud storage and data management.
From a practical standpoint, having access to the deceased’s digital information can prevent unnecessary expenses. Subscriptions and services that continue to charge fees after a person’s death can quickly add up, creating financial strain for surviving family members. By including usernames and passwords in their wills, individuals can help their loved ones avoid these costs and streamline the process of settling their digital affairs.
Addressing Privacy and Security Concerns
While the advice to include usernames and passwords in wills is well-intentioned, it does raise some privacy and security concerns. Storing sensitive information in a will, which becomes a public document after probate, could potentially expose it to unauthorised access. To mitigate this risk, the Japanese government recommends using secure methods to store and share digital information.
One approach is to use a password manager that allows users to store all their login credentials in one secure location. The master password for the password manager can then be included in the will, ensuring that only the designated digital executor has access to the information. This method balances the need for security with the practicalities of digital end-of-life planning.
The Japanese government’s advice to include usernames and passwords in wills is a forward-thinking approach to managing digital legacies. As our lives become increasingly digital, it’s essential to consider how our online presence will be handled after we’re gone. By taking proactive steps to document and share digital information, individuals can ease the burden on their loved ones and ensure that their digital assets are managed responsibly.
This initiative not only addresses practical concerns but also highlights the importance of digital end-of-life planning in the modern world. As other countries observe Japan’s approach, it may inspire similar measures to help citizens manage their digital legacies effectively. In the end, thoughtful planning can provide peace of mind for both individuals and their families, ensuring that digital legacies are handled with care and consideration.
Tech Present Ideas At Christmas
The holiday season is merely weeks away, and now is the perfect time to surprise your loved ones with the latest tech gadgets. Here are some popular tech gift ideas for Christmas:
For the DIY Enthusiast
Digital Soldering Station
A must-have for any DIY techie, the Weller digital soldering station is perfect for electronic tinkering.
DIY Mechanical Keyboard Kit
The Neo80 custom mechanical keyboard kit allows enthusiasts to assemble their own keyboard, choosing their preferred switches and keycaps.
Raspberry Pi 4
This versatile mini-computer is ideal for a wide range of DIY projects, from home automation to retro gaming.
For the Gamer
Razer BlackWidow V4 Pro 75% Keyboard
This gaming keyboard offers 4K Hz wireless, Bluetooth technology, and a hot swappable design, making it a top choice for serious gamers.
Razer BlackShark V2 X Gaming Headset
With passive noise-cancelling, a hyper-clear cardioid mic, and 50mm Titanium drivers, this headset is essential for immersive gaming experiences.
Acer Predator Orion X Gaming PC
Featuring options up to an Intel Core i9 processor, Nvidia GeForce RTX 4080 graphics card, and 64GB RAM, this monster gaming PC delivers top-tier performance.
For the Home
Roomba j7+ Robot Vacuum
This self-emptying robot vacuum makes cleaning a breeze, with advanced navigation to avoid common household objects.
Nespresso VertuoPlus Coffee and Espresso Machine
Perfect for coffee lovers, this machine brews barista-quality coffee and espresso at the touch of a button.
Apple Watch SE (2nd Gen)
A great gift for fitness enthusiasts, this smartwatch offers advanced fitness tracking, heart-rate monitoring, and sleep insights.
For the Tech-Savvy
Apple AirTag
This handy device helps keep track of valuables, making it a perfect gift for anyone prone to misplacing their keys.
Anker Nano Battery Pack
A portable charger with a built-in USB-C cable, ideal for keeping smartphones and tablets powered on the go.
ESR 3-in-1 MagSafe Charging Stand
This versatile charging stand can simultaneously charge an iPhone, AirPods, and Apple Watch, making it a convenient gift for tech lovers.
These tech gifts are sure to bring joy and excitement to your loved ones this Christmas. Happy shopping!