Tag: supply-chain
-
XZ backdoor discovery reveals Linux supply chain attack
in SecurityNews
A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two yea…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366577602/XZ-backdoor-discovery-reveals-Linux-supply-chain-attack
-
JFrog Software Supply Chain State of the Union 2024 – Risks and Opportunities for Software Supply Chains in Germany
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/software-supply-chain-risiken-und-potenziale-2024-a-3f333ba3d57d3dcab2be146c128702b3/
-
Top.gg supply chain attack highlights subtle risks
in SecurityNews
Threat actors used fake Python infrastructure and cookie-stealing to poison multiple GitHub code repositories, putting another spotlight on supply cha…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366575534/Topgg-supply-chain-attack-highlights-subtle-risks
-
Solution Package for Software Composition Analysis (SCA) – Synopsys Targets Risks in the Software Supply Chain
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/synopsys-black-duck-supply-chain-edition-sicherheit-software-lieferkette-a-e29d2358ddc25d95f8514c9d9f4f9fc9/
-
Protobom: Open-source software supply chain tool
in SecurityNews
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communi…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/04/19/protobom-open-source-software-supply-chain-tool/
-
Sisense Password Breach Triggers ‘Ominous’ CISA Warning
in SecurityNews
With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts f…
First seen on darkreading.com
Jump to article: www.darkreading.com/threat-intelligence/sisense-breach-triggers-cisa-password-reset-advisory
-
Why MLBOMs Are Useful for Securing the AI/ML Supply Chain
in SecurityNews
A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chain…
First seen on darkreading.com
Jump to article: www.darkreading.com/vulnerabilities-threats/mlboms-are-useful-for-securing-ai-ml-supply-chain
-
Cisco Duo customer MFA message logs stolen in supply chain hack
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/news/cisco-duo-customer-mfa-message-logs-stolen-in-supply-chain-hack
-
PyPI halted new users and projects while it fended off supply-chain attack
in SecurityNews
First seen on arstechnica.com
Jump to article: arstechnica.com/
-
CISA software supply chain security form omits SBOMs
in SecurityNews
Federal suppliers now have a self-attestation deadline amid ongoing efforts to secure software supply chains. But SBOMs’ spotlight is fading and big r…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchitoperations/news/366573974/CISA-software-supply-chain-security-form-omits-SBOMs
-
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
in SecurityNews
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the m…
First seen on wired.com
Jump to article: www.wired.com/story/jia-tan-xz-backdoor/
-
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains
in SecurityNews
Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis (SCA) solution. This offering aids organisations in mi…
First seen on itsecurityguru.org
Jump to article: www.itsecurityguru.org/2024/04/09/synopsys-introduces-latest-solution-for-comprehensive-security-across-software-supply-chains
-
New Tool Aims to Simplify and Streamline SBOM Adoption
in SecurityNews
OpenSSF Partners With DHS and CISA to Launch Global Software Supply Chain Project. OpenSSF launched a new tool Tuesday in partnership with the Departm…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/new-tool-aims-to-simplify-streamline-sbom-adoption-a-24872
-
Software Supply Chain Attack: xz-utils Backdoor Endangers Linux Systems
in SecurityNews
A supply chain attack via xz-utils has been causing a stir in the IT security scene for several days. Apparently, long in advance, the attack was …
First seen on csoonline.com
Jump to article: www.csoonline.com/de/a/xz-utils-backdoor-gefaehrdet-linux-systeme
-
Sisense Breach Highlights Rise in Major Supply Chain Attacks
in SecurityNews
Experts Warn of Growing Threat From Supply Chain Attacks After High-Profile Breach. Cybersecurity experts are sounding the alarm over a rise in supply…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/sisense-breach-highlights-rise-in-major-supply-chain-attacks-a-24864
-
6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers
in SecurityNews
The software supply chain is filled with various challenges, such as untracked security vulnerabilities in open-source components and inconsistent upd…
First seen on gbhackers.com
Jump to article: gbhackers.com/lighttpd-flaw-intel-lenovo-servers/
-
Tips for Securing the Software Supply Chain
in SecurityNews
Industry experts share how to implement comprehensive security strategies necessary to secure the software supply chain in Dark Reading’s latest Tech …
First seen on darkreading.com
Jump to article: www.darkreading.com/cyber-risk/tips-for-securing-the-software-supply-chain
-
Home Depot Hammered by Supply Chain Data Breach
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/cyberattacks-data-breaches/home-depot-hammered-by-supply-chain-data-breach
-
Sisense customers told to reset credentials amid supply chain attack fears
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/news/sisense-customers-told-to-reset-credentials-amid-supply-chain-attack-fears
-
ISMG Editors: Unpacking the Change Healthcare Attack Saga
in SecurityNews
Also: Positive Cyber Market Trends, AI Threats to Supply Chain Security. In the latest weekly update, four ISMG editors discussed the unending twists …
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/ismg-editors-unpacking-change-healthcare-attack-saga-a-24848
-
Software supply chain risk mitigation sought by new Synopsys solution
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/brief/software-supply-chain-risk-mitigation-sought-by-new-synopsys-solution
-
Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets
in SecurityNews
The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. T…
First seen on securityweek.com
Jump to article: www.securityweek.com/sisense-data-breach-triggers-cisa-alert-and-urgent-calls-for-credential-resets/
-
XZ Utils Incident: Open Source as a Software Supply Chain Trap
in SecurityNews
Open source development is often praised because the projects are publicly accessible and can therefore be reviewed by independent parties…
First seen on netzpalaver.de
Jump to article: netzpalaver.de/2024/04/08/xz-utils-vorfall-open-source-als-software-supply-chain-falle/
-
XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor
in SecurityNews
First seen on techrepublic.com
Jump to article: www.techrepublic.com/article/xz-backdoor-linux/
-
Breach Roundup: Sisense Supply Chain Attack
in SecurityNews
Also: A Romanian Botnet and Alcohol Counselor Monument Settles with US FTC Over Ads. This week, Sisense supply chain attack, a likely Romanian botnet,…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/breach-roundup-sisense-supply-chain-attack-a-24841
-
Supply chain SNAFU causes Intel and others to ship hackable hardware for 5 years
in SecurityNews
First seen on arstechnica.com
Jump to article: arstechnica.com/
-
Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
in SecurityNews
Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions…
First seen on hackread.com
Jump to article: www.hackread.com/hugging-face-vulnerability-ai-supply-chain-attack/
-
Eclypsium’s Digital Supply Chain Security Platform Releases AI-Assisted Binary Analysis Engine
in SecurityNews
New Eclypsium Automata replicates expert security researchers’ knowledge and leverages advances in machine learning to discover threats, backdoors, an…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/04/eclypsiums-digital-supply-chain-security-platform-releases-ai-assisted-binary-analysis-engine/
-
Open-Source Foundations Join Forces on Digital Supply Chain
in SecurityNews
Europe’s Cyber Resilience Act Pressures Open-Source Foundations and Manufacturers. Foundations housing seven large open-source projects are banding to…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/open-source-foundations-join-forces-on-digital-supply-chain-a-24804
-
XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/cyber-risk/xz-utils-backdoor-implanted-in-intricate-multi-year-supply-chain-attack