supply chain

Tech Optimizer
August 4, 2025
A significant PostgreSQL vulnerability, CVE-2025-1094, was identified during the investigation of another vulnerability, CVE-2024-12356, which was exploited in the BeyondTrust breach in December 2024. The breach involved unauthorized access to BeyondTrust's systems and was linked to the state-sponsored hacking group Silk Typhoon from China. The U.S. Treasury Department confirmed its network was compromised through a stolen BeyondTrust API key. CVE-2025-1094 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands due to improper handling of invalid UTF-8 byte sequences. Rapid7 found that CVE-2024-12356's exploitation relied on CVE-2025-1094, and that CVE-2025-1094 could be exploited independently. BeyondTrust issued patches for these vulnerabilities, but the patch for CVE-2024-12356 did not directly address the underlying cause of CVE-2025-1094. The exploitation of these vulnerabilities underscores the need for timely patching and proactive security measures in organizations using PostgreSQL.
AppWizard
July 15, 2025
Google's AI security agent, Big Sleep, has identified a vulnerability in SQLite, designated as CVE-2025-6965, which was being exploited by hackers. Enhancements have been made to Google's open-source forensics tool, now operating on the upgraded Sec-Gemini platform for improved log analysis and threat detection. Google is set to unveil FACADE, an insider threat detection system that has monitored billions of daily events since 2018 using contrastive learning. At DEF CON 33, Google will co-host a Capture the Flag event with Airbus, involving AI assistants in security challenges. Google is contributing data from its Secure AI Framework to the Coalition for Secure AI to enhance research in cybersecurity. The AI Cyber Challenge, a DARPA-led competition supported by Google, is nearing its conclusion, with winners showcasing AI tools for identifying and rectifying vulnerabilities in open-source software.
Winsage
July 12, 2025
The global PC market saw a 7.4% year-on-year increase in shipments during Q2 2025, totaling 67.6 million units. This growth is primarily driven by urgent business upgrades due to the impending end of support for Windows 10 in October 2025, rather than a resurgence in consumer confidence. Businesses are refreshing their PC deployments, while consumer spending on personal devices has stagnated, with many delaying upgrades until 2026. Over half of channel partners expect growth in their PC business in the latter half of 2025, with nearly a third anticipating growth exceeding 10%. Lenovo led the market with 17.0 million units shipped, followed by HP with 14.1 million units, and Dell with a slight decline of 3.0%. Apple experienced a 21.3% increase to 6.4 million units, while Asus saw an 18.4% rise. Desktop shipments increased by 9%, and notebooks rose by 7%. The market dynamics are also influenced by evolving US tariff policies, which are reshaping the PC supply chain landscape.
Tech Optimizer
July 10, 2025
EnterpriseDB (EDB) has returned to the Goodwood Festival of Speed, focusing on the impact of advanced AI data systems in the automotive industry. A global survey by EDB of 190 automotive executives revealed that only 13% of organizations are successfully leveraging agentic and generative AI, with these companies achieving a fivefold return on investment through a focus on data sovereignty. The automotive sector is undergoing a significant transformation, with the U.K. automotive AI market projected to grow from £8 million in 2024 to £2 million by 2030, reflecting a 21.7% CAGR. EDB is also fostering future talent through initiatives that encourage students to propose innovative data and AI solutions, with a £2,000 prize for the winning idea. The U.K. STEM workforce is expected to grow by 10% by 2030, while many tech firms face challenges in filling roles. EDB has received multiple recognitions for its innovation and workplace culture, including listings in various industry awards. EDB Postgres® AI is described as an open, enterprise-grade sovereign data and AI platform that integrates various workloads while ensuring compliance and security.
Tech Optimizer
July 7, 2025
The XWorm Remote Access Trojan (RAT) has evolved its attack strategies by incorporating advanced stagers and loaders to evade detection. It is known for its capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, and is particularly targeted at the software supply chain and gaming sectors. Recent campaigns have paired XWorm with AsyncRAT for initial access before deploying ransomware using the leaked LockBit Black builder. XWorm utilizes various file formats and scripting languages for payload delivery, often through phishing campaigns with deceptive lures like invoices and shipping notifications. It employs obfuscation techniques, including Base64 encoding and AES encryption, and manipulates Windows security features to avoid detection. Persistence mechanisms such as registry run keys and scheduled tasks ensure sustained access. XWorm conducts system reconnaissance, queries for antivirus software, and attempts to disable Microsoft Defender. It can propagate via removable media and execute commands from command-and-control servers. The Splunk Threat Research Team has developed detections for suspicious activities related to XWorm infections. Indicators of compromise include various file hashes for different scripts and loaders associated with XWorm.
Tech Optimizer
July 5, 2025
Manufacturers are increasingly integrating IT systems with operational technology (OT), leading to heightened cyber threats such as ransomware, supply chain breaches, and attacks from nation-state actors. To enhance cyber resilience, it is crucial to segment IT and OT networks to prevent breaches on the IT side from affecting critical OT systems. Effective segmentation involves placing OT systems behind firewalls, restricting protocols, and using unidirectional gateways. Many manufacturing plants struggle with aging and undocumented devices, making security and monitoring challenging. Asset visibility tools can help map connected devices, enabling better inventory management and risk assessment. Attackers often use "living-off-the-land" techniques to navigate networks undetected, necessitating defenses that include behavioral analytics and application whitelisting. Incident response plans tailored for OT environments are essential, as production interruptions can have severe consequences. These plans should include scenarios like ransomware attacks and require regular testing and backups. For legacy systems that cannot be patched, isolation and monitoring are critical, along with virtual patching to block known exploits. Weak credentials pose a significant risk, so implementing role-based access control and multi-factor authentication is necessary. Security monitoring tools like SIEM and XDR should be used to consolidate data from IT and OT environments, providing alerts for potential attacks. Overall, cyber resilience in manufacturing focuses on minimizing risks and ensuring recovery without disrupting operations.
Tech Optimizer
June 24, 2025
Zero Trust addresses the issue of misplaced trust in cybersecurity, particularly the assumption that files from known senders are safe. This assumption can lead to security breaches, as malware can be hidden in documents from internal employees, vendors, or customers. Familiar interactions often bypass essential security checks, creating vulnerabilities. Security tools may fail to detect modern threats, which can evade traditional defenses. Compromised accounts and infected devices can introduce risks regardless of the sender's identity. To mitigate these risks, Votiro's solution cleanses every file using Content Disarm and Reconstruction (CDR) technology, removing harmful elements while maintaining functionality. Votiro's approach ensures that file security does not disrupt business operations, providing a seamless and efficient solution for organizations.
Tech Optimizer
June 17, 2025
EnterpriseDB has introduced significant advancements to its EDB Postgres AI (EDB PG AI) platform, enabling secure and compliant deployment of AI solutions across Postgres environments. The platform integrates transactional, analytical, and AI workloads into a unified system, featuring automatic pipelines and built-in development tools for data automation. Key capabilities include low-code/no-code simplicity for rapid AI pipeline creation and comprehensive hybrid management for real-time insights across databases. Recent research indicates that only 13% of enterprises have successfully implemented agentic AI applications at scale, with early adopters achieving up to 227% higher ROI. Collaborations with Red Hat aim to provide organizations with solutions for successful AI outcomes. New features include enhanced data security, a purpose-built PG AI Analytics Engine for high-performance queries, and a universal data store for various data models. Performance advantages include six times better total cost of ownership (TCO) compared to SQL Server and up to 150 times faster NoSQL performance than MongoDB. A comparative analysis showed that EDB PG AI reduced overall complexity by 67% and maintenance costs by 38%.
Tech Optimizer
June 13, 2025
Microsoft attributed a recent global outage affecting various digital infrastructures to a "CrowdStrike update," which disrupted multiple applications including OneDrive, OneNote, Outlook, PowerBI, Microsoft Teams, and others. Users experienced issues such as synchronization failures and access difficulties. The incident highlights vulnerabilities in supply chains that organizations rely on for managing sensitive data, which can be targeted by cyber threats. Data Loss Prevention (DLP) is a feature within Microsoft Purview designed to protect sensitive information from unauthorized disclosure. DLP policies can monitor user activity and take protective actions like alerting users about inappropriate sharing, blocking sharing attempts, or relocating data to secure locations. DLP can be applied across various platforms, including Office 365 applications and Windows endpoints. The DLP lifecycle includes planning and deployment phases, where organizations assess data to be monitored and ensure policies do not disrupt workflows. Monitoring and reporting tools provide insights into policy matches and incidents, helping organizations refine their DLP efforts. However, DLP has limitations, including false positives, user resistance, and challenges in detecting data leakages through new communication channels.