Tag: supply-chain
-
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
in SecurityNews
The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens …
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/
-
High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models
in SecurityNews
The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making rem…
First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/high-risk-overflow-bug-in-intel-chips-likely-impacts-100s-of-pc-models
-
Polyfill.io JavaScript supply chain attack impacts over 100K sites
in SecurityNews
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script w…
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/
-
Plugins on WordPress.org backdoored in supply chain attack
in SecurityNews
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts wit…
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/
-
WordPress Plugin Supply Chain Attack Gets Worse
in SecurityNews
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/wordpress-plugin-malware-richixbw/
-
B+ security rating masks healthcare supply chain risks
in SecurityNews
While the healthcare sector gets a B+ security rating for the first half of 2024, it faces a critical vulnerability: supply chain cyber risk, accordin…
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/06/26/healthcare-security-ratings/
-
Polyfill Supply Chain Attack Hits Over 100k Websites
in SecurityNews
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.
First seen on securityweek.com. Jump to article: www.securityweek.com/polyfill-supply-chain-attack-hits-over-100k-websites/
-
Cloud and Other Supply Chain Security: What Questions to Ask
in SecurityNews
Supply chains tend to be incredibly complex. As a result, many organizations struggle with their supply chain risk assessments. Yet the risks in the s…
First seen on itgovernanceusa.com. Jump to article: www.itgovernanceusa.com/blog/securing-your-supply-chain-and-third-parties
-
Several Plugins Compromised in WordPress Supply Chain Attack
in SecurityNews
Five WordPress plugins were injected with malicious code that creates a new administrative account.
First seen on securityweek.com. Jump to article: www.securityweek.com/several-plugins-compromised-in-wordpress-supply-chain-attack/
-
WordPress Plugins Hit by Supply Chain Attack: Update Now!
in SecurityNews
A new supply chain attack has impacted several plugins hosted on WordPress.org. This WordPress vulnerability, discovered on June 24th, 2024, by the Wo…
First seen on thecyberexpress.com. Jump to article: thecyberexpress.com/wordpress-supply-chain-attack/
-
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
in SecurityNews
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other indus…
First seen on thehackernews.com. Jump to article: thehackernews.com/2024/06/why-saas-security-is-suddenly-hot.html
-
How Amazon’s decision to ditch Microsoft Active Directory paid off
in SecurityNews
Amazon’s decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move….
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366589442/How-Amazons-decision-to-ditch-Microsoft-Active-Directory-paid-off
-
Global, federal commitments to bolster energy supply chain cybersecurity detailed
in SecurityNews
First seen on scmagazine.com. Jump to article: www.scmagazine.com/brief/global-federal-commitments-to-bolster-energy-supply-chain-cybersecurity-detailed
-
Runtime Enforcement: Software Security After the Supply Chain Ends
in SecurityNews
Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the bes…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/runtime-enforcement-software-security-after-the-supply-chain-ends/
-
Suspected supply chain attack backdoors courtroom recording software
in SecurityNews
First seen on theregister.com. Jump to article: www.theregister.com/2024/05/24/suspected_supply_chain_attack_backdoors/
-
Eclypsium Overview
in SecurityNews
An introduction to Eclypsium’s supply chain security, zero trust and device integrity solutions.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/eclypsium-overview/
-
Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric)
in SecurityNews
This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique chall…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/software-supply-chain-risks-%e2%8e%aacassie-crossley-vp-supply-chain-security-schneider-electric/
-
#Infosec2024: Supply Chains Remain Hidden Threat to Business
in SecurityNews
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/infosec2024-supply-chains-hidden/
-
Eclypsium and Panasonic Connect North America Partner to Protect Against Digital Infrastructure Threats Below the Surface With Smart Compliance
in SecurityNews
Portland, OR June 6, 2024 Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software, today announced its coll…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/eclypsium-and-panasonic-connect-north-america-partner-to-protect-against-digital-infrastructure-threats-below-the-surface-with-smart-compliance/
-
BTS #31 Managing Complex Digital Supply Chains Cassie Crossley
in SecurityNews
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product comp…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/bts-31-managing-complex-digital-supply-chains-cassie-crossley/
-
#Infosec2024: UK Businesses Faced with Month-Long Recoveries from Supply Chain Attacks
in SecurityNews
A new BlackBerry survey reveals frequent software supply chain attacks in the UK, highlighting the need for improved security measures and robust guid…
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/uk-businesses-recoveries-supply/
-
DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
in SecurityNews
Introduction: The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were sei…
First seen on thehackernews.com. Jump to article: thehackernews.com/2024/05/devops-dilemma-how-can-cisos-regain.html
-
Shining the Light on Shadow IT: Top Five SaaS Security Tips for Third-Party Risk Management
in SecurityNews
Security teams often grapple with the uncertainty of data exposure in their SaaS supply chain, especially with third-party SaaS vendors. A proactive a…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/shining-the-light-on-shadow-it-top-five-saas-security-tips-for-third-party-risk-management/
-
The State of Software Supply Chain Security Risks – Vulnerabilities Persist in Development Processes
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/software-lieferketten-schwachstellen-und-angriffe-a-14f5b9dd27937597125167387d5adf87/
-
Threat Hunting 101: Five Common Threats to Look For
in SecurityNews
Learn more about supply chain threats and where to find them.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/05/threat-hunting-101-five-common-threats-to-look-for/
-
Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively
in SecurityNews
Over the past year, a significant portion of global organisations (54%) experienced software supply chain attacks, with many struggling to adapt to th…
First seen on itsecurityguru.org. Jump to article: www.itsecurityguru.org/2024/05/16/most-companies-affected-by-software-supply-chain-attacks-in-the-last-year-struggling-to-detect-and-react-effectively
-
Congo Lawyers Say They Have New Evidence On Apple’s Minerals Supply Chain
in SecurityNews
First seen on packetstormsecurity.com. Jump to article: packetstormsecurity.com/news/view/35912/Congo-Lawyers-Say-They-Have-New-Evidence-On-Apples-Minerals-Supply-Chain.html
-
Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack
in SecurityNews
Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor malware in a supply chain attack. Rapid7 researchers warned that threat…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/163683/hacking/supplay-chain-attack-javs-viewer.html
-
JAVS courtroom recording software backdoored in supply chain attack
in SecurityNews
Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take…
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/javs-courtroom-recording-software-backdoored-in-supply-chain-attack/
-
Courtroom Recording Software Compromised in Supply Chain Attack
in SecurityNews
Threat actors compromised a popular audio-visual software package used in courtrooms, prisons, government, and lecture rooms around the world by injec…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/05/courtroom-recording-software-compromised-in-supply-chain-attack/