Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Software Providers. Show all posts
supply chain security
Cyber Attacks Ransomware attack Ransomwares Software Providers Supply Chain supply chain attacks supply chain security

Ransomware Attack on Blue Yonder Disrupts Global Supply Chains

 

Blue Yonder, a leading supply chain software provider, recently experienced a ransomware attack that disrupted its private cloud services. The incident, which occurred on November 21, 2024, has affected operations for several high-profile clients, including major grocery chains in the UK and Fortune 500 companies. While the company’s Azure public cloud services remained unaffected, the breach significantly impacted its managed services environment. The attack led to immediate operational challenges for key customers. UK supermarket chains Morrisons and Sainsbury’s were among the most affected. 

Morrisons, which operates nearly 500 stores, reported delays in the flow of goods due to the outage. The retailer activated backup systems but acknowledged that its operations were still disrupted. Sainsbury’s similarly implemented contingency plans to address the situation and minimize the impact on its supply chain. In the United States, Blue Yonder serves prominent grocery retailers such as Kroger and Albertsons, though these companies have not confirmed whether their systems were directly affected. 

Other notable clients, including Procter & Gamble and Anheuser-Busch, also declined to comment on any disruptions they might have faced as a result of the attack. In response to the breach, Blue Yonder has enlisted the help of external cybersecurity firms to investigate the incident and implement stronger defenses. The company has initiated forensic protocols to safeguard its systems and prevent further breaches. While recovery efforts are reportedly making steady progress, Blue Yonder has not provided a timeline for full restoration. The company continues to emphasize its commitment to transparency and security as it works to resolve the issue. 

This attack highlights the growing risks faced by supply chain companies in an era of increasing cyber threats. Disruptions like these can have widespread consequences, affecting both businesses and consumers. A recent survey revealed that 62% of organizations experienced ransomware attacks originating from software supply chain vulnerabilities within the past year. Such findings underscore the critical importance of implementing robust cybersecurity measures to protect against similar incidents. 

As Blue Yonder continues its recovery efforts, the incident serves as a reminder of the potential vulnerabilities in supply chain operations. For affected businesses, the focus remains on mitigating disruptions and ensuring continuity, while industry stakeholders are left grappling with the broader implications of this growing threat.
Read more »
Vulnerabilties and Exploits
CISA Google Software Providers SQL Injection Vulnerabilties and Exploits

Protecting Users Against Bugs: Software Providers' Scalable Attempts

Protecting Users Against Bugs

Ransomware assaults, such as the one on Change Healthcare, continue to create serious disruptions. However, they are not inevitable. Software developers can create products that are immune to the most frequent types of cyberattacks used by ransomware gangs. This blog discusses what can be done and encourages customers to demand that software companies take action.

Millions of Americans recently experienced prescription medicine delays or were forced to pay full price as a result of a ransomware assault. While the United States has begun to make headway in reacting to cyberattacks, including the passage of incident reporting requirements into law, it is apparent that much more work remains to be done to combat the ransomware epidemic. 

Ransomware gangs flourish because they usually attack genuinely easy weaknesses in software that serve as the basis for critical operations and services.

Providing scalable solutions: Company duty

Business leaders of software manufacturers hold the key: They can build products that are resilient against the most common classes of cyberattacks by ransomware gangs.

The security community has known how to eliminate classes of vulnerabilities across software for decades. What is needed is not perfectly secure software but “secure enough” software, which software manufacturers are capable of creating.n exploit remarkably simple vulnerabilities in software that is the foundation for the essential processes and services.

Systemic classes of defects like SQL injection or insecure default configurations, such as a lack of multi-factor authentication by default or hardcoded default passwords, enable the vast majority of ransomware attacks and are preventable at scale.

The expense of preventing some types of vulnerabilities during the design stage is substantially less than dealing with the complex aftermath of a breach. 

According to a recent Google study, it has nearly eliminated many common types of vulnerabilities in its products, such as SQL injection and cross-site scripting. Furthermore, Google claims that such tactics were cost-effective and, in some cases, saved money ultimately as a result of having to worry about bugs.

Fighting lack of action

Inaction is exactly what has occurred in the software business. The Biden administration's National Cybersecurity Strategy asks for a shift in this direction, with software manufacturers accepting responsibility for product security from the start.

For example, whereas conventional vulnerability assessment approaches urge a sequential approach to identifying and patching vulnerabilities one by one, the agency's SQL injection alert promotes software manufacturers' executives to lead codebase reviews and eliminate all potentially unsafe functions to prevent SQL injection at the source.

How to identify bugs

Software vendors may assess vulnerability classes on two levels: impact, or the degree of damage that can be done by that class of vulnerability, and the cost of avoiding that flaw at scale.

SQL injection vulnerabilities are likely to be high in impact but inexpensive in cost to eliminate, whereas memory-safety issues have extremely high impact but need large investments to rewrite codebases systematically. Businesses can create a priority list of the most cost-effective tasks for fixing specific types of flaws in their products.

Customer's role: What can you do?

Companies should ask how their vendors attempt to remove entire classes of threats, such as implementing phishing-resistant multi-factor authentication and developing a memory-safe plan to address the most prevalent type of software vulnerability.

It is feasible that future ransomware assaults may be far more difficult to carry out. It's high time for software businesses to make this possibility a reality and safeguard Americans by including security from the beginning. Customers should insist that they do this.
Read more »
Subscribe to: Posts (Atom)