Compiling an “ingredients list” for software can help organizations reduce cyber risks, avoid fines and save time, among other benefits, a Cybersecurity and Infrastructure Security Agency-led guide published Wednesday advises.

The CISA document, produced with the National Security Agency and cyber agencies from 14 other countries, aims to produce a shared vision on advancing the concept known as software bill of materials, or SBOM. It’s a nearly universally praised idea whose implementation has been playing catch-up with the embrace of its theoretical value.

In the guide, the agencies tout SBOMs as a way to adopt secure-by-design principles, where software makers implement security as part of the design process rather than as something to be tacked on afterward.

“The ever-evolving cyber threats facing government and industry underscore the critical importance of securing software supply chain and its components,” Madhu Gottumukkala, acting director of CISA, said in a news release accompanying the guide’s publication. “Widespread adoption of SBOM is an indispensable milestone in advancing secure-by-design software, fortifying resilience, and measurably reducing risk and cost.

“This guide exemplifies and underscores the power of international collaboration to deliver tangible outcomes that strengthen security and build trust,” he said. “Together, we are driving efforts to advance software supply chain security and drive unparalleled transparency, fundamentally improving decision-making in software creation and utilization.”

Publication of the guide follows closely on CISA’s updated federal agency guidelines for SBOMs, a set of rules that got mixed reviews when it came out last month.

Wednesday’s guide aims toward a unified approach to implementing SBOMs.

“Divergent implementations could hinder widespread adoption and sustainable implementation of SBOM. An aligned and coordinated approach to SBOM will improve effectiveness while reducing costs and complexities,” the guide reads. “When used widely across sectors, regions, and countries, supply chain illumination drives better ‘ingredients’ for everyone to use and helps ensure that known risks are addressed early. SBOM adoption is an integral condition for software to be secure by design.”

According to the guide, SBOMs help with vulnerability management by allowing organizations to be able to better track vulnerabilities when they arise, making it faster and more efficient to fix flaws. It helps organizations comply with industry-specific policies or government regulations and make decisions about their software purchases as such, thereby pushing vendors to give greater attention to cyber risk. It can help organizations manage software licenses, with violations of open-source licenses something that can trigger fines or reputational damage.

The guide advertises SBOMs as something for software makers, buyers and operators to adopt, as well as government cybersecurity agencies.

Australia, Canada, the Czech Republic, France, Germany, India, Italy, Japan, the Netherlands, New Zealand, Poland, Singapore and South Korea were the other countries involved in producing the guide.

The post CISA guide seeks a unified approach to software ‘ingredients lists’ appeared first on CyberScoop.

Vietnamese-speaking hackers are carrying out a “highly evasive, multi-stage operation” to steal information from thousands of victims in more than 62 countries, researchers said in a report published Monday.

The attackers emerged late last year but have evolved with novel techniques this year, with SentinelLABS of SentinelOne and Beazley Security ultimately identifying 4,000 victims, most commonly in South Korea, the United States, the Netherlands, Hungary and Austria.

“The evolving tradecraft in these recent campaigns demonstrates that these adversaries have meticulously refined their deployment chains, making them increasingly more challenging to detect and analyze,” reads the report.

In particular, attacks just last month demonstrated tailored capabilities to bypass antivirus products and mislead security operations center analysts, according to the companies.

The hackers’ motives, apparently, are financial in nature.

“The stolen data includes over 200,000 unique passwords, hundreds of credit card records, and more than 4 million harvested browser cookies, giving actors ample access to victims’ accounts and financial lives,” according to the two companies.

The hackers have been known to make money off the stolen data through “a subscription-based ecosystem that efficiently automates resale and reuse” through the Telegram messaging platform. It’s sold to other cybercriminals who then engage in cryptocurrency theft or purchase access to infiltrate victims, the report states.

The infostealer they use, PaxStealer, first garnered the attention of cybersecurity analysts after Cisco Talos published a report on it last November. Cisco Talos concluded that the hackers were targeting governmental and educational organizations in Europe and Asia.

Both the November report and Monday’s report identified clues in the infostealer’s coding of the hackers’ use of the Vietnamese language. Cisco Talos wasn’t sure in the fall whether the attackers were affiliated with the CoralRaider group that materialized in early 2024, or another Vietnamese-speaking group.

Jim Walter, a senior threat researcher for SentinelOne, told CyberScoop the group was “a long-standing actor” and “appears to be out of Vietnam,” but “beyond that analysis is ongoing and we’ll refrain from further [attribution] comments on the specific actor. It’s the same actor that has been highlighted by Cisco Talos and others as well.”

In the activity highlighted in Monday’s report, Walter said the targeting “seems wide and indiscriminate / opportunistic. Corporate and home users, whole spectrum of ‘user types.’”
Other Vietnamese hackers have been known to target activists inside the country with spyware, lace AI generators with malware or carry out ransomware attacks.

The post ‘Highly evasive’ Vietnamese-speaking hackers stealing data from thousands of victims in 62+ nations appeared first on CyberScoop.