open source and cybersecurity news

June 26, 2023

Australia's First Cyber Security Coordinator, SBOMs are a security staple in the software supply chain, UPS Breach, Follow the Money

Episode Transcription:

Pokie Huang:

It’s 5:05 on Monday, June 26th, 2023. From the Sourced Podcast Network in New York City, this is Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Julie Chatman in Washington, DC, Katy Craig in San Diego, California, Hillary Coover in Washington, DC, and Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

The Australian Federal Cabinet signed off on the appointment of the government’s first coordinator of cybersecurity. Following the major cyber attacks against Optus and Medibank, the Home Affairs Minister had raised concerns that there was no functional cyber incident response mechanism within the government.

Air Force Commander, Air Vice-Marshal Darren Goldie, has been appointed to that role and will be coordinating the response to significant incidents and better preparing businesses and government for future cyber incidents. He will be hitting the ground running, as major Australian law firm HWL Ebsworth recently acknowledged that it had suffered a data breach of over four terabytes of data, including documents describing clients and staff. Their clients include big corporations, banks, and the Australian government.

Julie Chatman: 

I’m Julie Chatman in Washington, DC. 

In an increasingly digitized world, software security is essential for building trust and confidence in digital technologies. Governments, businesses and consumers rely on digital platforms and software applications for things like financial transactions and e-commerce, healthcare services, communication, and more. So protecting the modern software supply chain is critical. 

Software bill of materials, or SBOM, is a crucial tool in that endeavor because SBOMs enable organizations to understand the components and dependencies of the software they use.

One analogy often applied to SBOMs is they are like nutrition labels on food packages telling us what’s inside. For developers and cyber defenders alike, knowing what’s inside the software package is key because the use of open source software is on the rise and rapid software development processes are becoming more common. And also because cyber attackers are becoming more clever. 

How can SBOMs help?

When it comes to cyber defense, time is a valuable commodity. SBOMs support the verification of security protections. They can be used to facilitate checking software components and versions against databases such as the National Vulnerability Database, or NVD. SBOMs enable organizations to quickly identify if a compromised component or a version targeted in a supply chain attack is present in a software application.

By leveraging SBOMs, organizations can enhance their software security, protect against supply chain attacks, and verify security measures.

Visit 505updates.com for a transcript of this recording and a link to the National Telecommunications and Information Administration’s SBOM site. This site contains published, stakeholder-drafted consensus SBOM documents developed as a result of a collaborative community effort involving stakeholders across many industries, including energy and healthcare.

Katy Craig: 

UPS, the shipping giant, revealed that customer data may have been exposed and is now being used in a sneaky phishing operation.

This is Katy Craig in San Diego, California.

UPS customers reported receiving letters stating that scammers are sending SMS phishing or smishing messages with personal details like names and addresses.

These scammers pretend to be representatives from popular companies like Lego and Apple, tricking people into paying for a shipment that doesn’t even exist. And guess what? The scammers got hold of the real name and address from UPS. Talk about a convincing scam.

UPS launched an internal investigation and found that the attackers were using UPS’s own package lookup tools to access delivery details and personal contact information from February 2022 to April 2023.

But don’t worry, UPS is on it. They’ve implemented safeguards to limit access to this sensitive data. However, there’s a little hiccup with UPS’s notification letter. According to BleepingComputer, it starts off sounding like a generic phishing warning before casually mentioning that the recipient’s data has been compromised.

Seriously, folks, brevity is key here. Let’s get straight to the point. Emsisoft threat analyst Brett Callow rightly points out that breach notifications need to be crystal clear from the get-go.

So stay vigilant, folks. Don’t fall for those sneaky phishing messages, even if they have your real name and address. And to UPS, let’s keep those breach notifications snappy. No fluff, no confusion. We’re all in this cyber battle together.

This is Katy Craig. Stay safe out there.

Hillary Coover: 

Hi, this is Hillary Coover. This past weekend’s events in Russia inspired me to focus on the businesses identified by the Treasury Department that are providing support to the Wagner Group, a private mercenary organization. These companies play a significant role in sustaining Wagner’s operations.

Among the identified partners are two Russian firms, TerraTech and AOBARL, who have been assisting Wagner in its activities, particularly in Ukraine. Additionally, China’s Spacety, a company specializing in satellite imagery, has been providing crucial support to the group. 

The Treasury Department’s findings shed light on the intricate network of businesses working alongside Wagner. Their involvement not only raises questions about their complicity, but also underscores the international nature of Wagner’s operations and its ability to attract support from various entities. International open source business records, paired with link analysis, can inform individuals and businesses of any possible connections to sanctioned actors within their supply chain.

These three companies listed in this New York Times article are an excellent starting point for that research for any business. It becomes increasingly crucial for authorities to address the financial networks that enable nefarious actors like the Wagner Group to continue their activities, and this is a perfect starting point.

Marcel Brown: 

This is Marcel Brown with your technology history for June 25th and 26th. 

June 25th, 1981. Founded six years earlier by Bill Gates and Paul Allen, Microsoft officially incorporated as a company. The timing of the incorporation was about two months ahead of the release of the IBM PC, which would soon change the fortune of Microsoft and the entire technology industry.

June 26th, 1974. A Universal Product Code, or UPC, is used to ring up a purchase for the first time at a Marsh Supermarket in Troy, Ohio. The first item scanned was a 10-pack of Juicy Fruit gum. Take that to your trivia contests.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang:

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Julie Chatman, Katy Craig, Hillary Coover, and Marcel Brown for today’s contributions.

The executive producer and editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
