
~this week in security~
a cybersecurity newsletter by @zackwhittaker
volume 8, issue 24
~ ~

THIS WEEK, TL;DR

Cyberattack at U.S. grocery distributor UNFI affecting store shelves
TechCrunch: It's been a rough week if you're into, well, food. A cyberattack saw one of the top food distributors in North America, United Natural Foods (UNFI), shut much of the company's operations down last week (which wasn't disclosed until a Monday filing), hampering shipments to local grocery stores and large supermarkets. Whole Foods was one of the bigger retailers hit, in part due to its size and because UNFI is its "primary distributor," telling staff the shelf shortages were due to an "outage" at its distributor. (How quaint!) By Saturday, things were starting to return online, but widespread disruption continues across the U.S. and Canada, per affected customers chatting with me over the past few days. (Disclosure alert: I wrote these stories!) I think we sometimes forget how fragile the supply and logistics industry is. No word yet on UNFI's full recovery, or whether data was stolen in the incident. Expect more updates this week, as (hopefully) store shelves will start to recover as the company begins slowly shipping goods out again, but it still may take time.
More: UNFI statement | KARE11 | WTIP | Grocery Dive | NBC News

Paragon spyware confirmed used against journalists
Citizen Lab: An ongoing spyware scandal in Italy continues to unravel... the latest twist is that researchers at Citizen Lab have confirmed two journalists — Fanpage reporter Ciro Pellegrino, and another who is unnamed — were hacked with spyware made by Israeli surveillance vendor Paragon. Citizen Lab said the two were probably hacked by the same customer. But whom? All eyes are on Italy, since a parliamentary report confirmed that some of the people involved in this spyware scandal were spied on, in some cases for 'lawful reasons' (heavy quotes for obvious reasons), but that there was no mention of spying on journalists, like Pellegrino. So, is this a cover-up? It's starting to look a little more than suspicious, and now Paragon has pulled its contract with Italy over the scandal. As the excellent @jsrailton told my TechCrunch colleague @lorenzofb, last week Italy was "putting this scandal to bed [but] now they'll have to reckon with new forensic evidence." The ball is in Italy's court. Meanwhile: Apple quietly disclosed this week that it fixed the zero-day bug back in February that was being used to hack the journalists.
More: TechCrunch | Associated Press | TechCrunch | The Guardian | Haaretz ($)