Trellix Launches Advanced Research Center, Finds Estimated 350K Open-Source Projects at Risk to Supply Chain Vulnerability

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence. Composed of hundreds of the world’s most elite security analysts and researchers, the Advanced Research Center produces actionable real-time intelligence and threat indicators to help customers detect, respond to and remediate the latest cybersecurity threats.

“The threat landscape is scaling in sophistication and potential for impact. We do this work to make our digital and physical worlds safer for everyone. With adversaries strategically investing in talent and technical know-how, the industry has a duty to study the most combative actors and their methods to innovate at a faster rate.”

-Aparna Rayasam, Chief Product Officer, Trellix

Trellix Advanced Research Center has the cybersecurity industry’s most comprehensive charter and is at the forefront of emerging methods, trends and actors across the threat landscape. The premier partner of security operations teams across the globe, Trellix Advanced Research Center provides intelligence and cutting-edge content to security analysts while powering our leading XDR platform.

Python Tarfile Vulnerability Highlights Software Supply Chain Complexities
In coordination with today’s launch, Trellix Advanced Research Center also published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. It exists in the Python tarfile module, which is a default module in any project using Python and is found extensively in frameworks created by Netflix, AWS, Intel, Facebook and Google, as well as in applications used for machine learning, automation and Docker containerization. The vulnerability can be exploited by uploading a malicious file generated with two or three lines of simple code, and it allows attackers arbitrary code execution, or control of a target device.

“When we talk about supply chain threats, we typically refer to cyber-attacks like the SolarWinds incident, however building on top of weak code-foundations can have an equally severe impact. This vulnerability’s pervasiveness is furthered by industry tutorials and online materials propagating its incorrect usage. It’s critical for developers to be educated on all layers of the technology stack to properly prevent the reintroduction of past attack surfaces.”

-Christiaan Beek, Head of Adversarial & Vulnerability Research, Trellix.

Open-source developer tools, like Python, are necessary to advance computing and innovation, and protection from known vulnerabilities requires industry collaboration. Trellix is working to push code via GitHub pull request to protect open-source projects from the vulnerability. A free tool for developers to check if their applications are vulnerable is available on Trellix Advanced Research Center’s GitHub.
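CVE-2007-4559 is a path traversal in tarfile extraction: member names that contain ".." or are absolute get written outside the target directory. The following is an added example, not code from Trellix or from the Python project, of a pre-extraction check a developer can apply; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def _inside(root, path):  # does path resolve to root or something below it?
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def escaping_members(tar, dest):
    """Names of members that would be written, or link, outside dest."""
    root = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        target = os.path.join(root, m.name)  # an absolute m.name replaces root
        if not _inside(root, target):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # Hard links resolve from the archive root, symlinks from their own dir.
            base = root if m.islnk() else os.path.dirname(target)
            if not _inside(root, os.path.join(base, m.linkname)):
                bad.append(m.name)
    return bad


def safe_extract(tar, dest):
    """Extract only if every member stays inside dest."""
    bad = escaping_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    # Use the stdlib 'data' extraction filter as a second layer where it exists.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(dest, **kwargs)


def build_sample(names):
    """Constructed test input: in-memory tar with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 6
            tar.addfile(info, io.BytesIO(b"sample"))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    with tarfile.open(fileobj=build_sample(["docs/a.txt", "../outside.txt"])) as t:
        print(escaping_members(t, "extract_here"))
```

Calling `safe_extract` wherever a project currently calls `extractall` on untrusted archives rejects the whole archive instead of silently skipping the offending entries.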

About Trellix
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security. More at https://trellix.com.

About Trellix Advanced Research Center
Trellix Advanced Research Center brings together an elite team of security professionals and researchers to produce insightful and actionable real-time intelligence to propel customer outcomes and the industry at large. Driven by the industry’s most comprehensive charter, our skilled researchers detect trends ahead of the market to empower our customers and partners to solve for emerging threats. More at https://www.trellix.com/en-us/threat-center.html.
