Tag: supply-chain
-
Massive copycat gambling site network leveraged in Polyfill supply chain attack
in SecurityNews
First seen on scworld.com
Jump to article: www.scworld.com/brief/massive-copycat-gambling-site-network-leveraged-in-polyfill-supply-chain-attack
-
Why software supply chain attacks persist
in SecurityNews
First seen on scworld.com
Jump to article: www.scworld.com/perspective/why-software-supply-chain-attacks-persist
-
North Korean APT Exploited IE Zero Day In Supply Chain Attack
in SecurityNews
First seen on packetstormsecurity.com
Jump to article: packetstormsecurity.com/news/view/36494/North-Korean-APT-Exploited-IE-Zero-Day-In-Supply-Chain-Attack.html
-
Are hardware supply chain attacks cyber attacks?
in SecurityNews
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltr…
First seen on blog.talosintelligence.com
Jump to article: blog.talosintelligence.com/threat-source-newsletter-sept-26-2024/
-
New Scoring System Helps Secure the Open Source AI Model Supply Chain
in SecurityNews
AI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub. The post New Scoring System Helps S…
First seen on securityweek.com
Jump to article: www.securityweek.com/new-scoring-system-helps-secure-the-open-source-ai-model-supply-chain/
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
in SecurityNews
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart P…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
-
Socket Raises $40 Million for Supply Chain Security Tech
in SecurityNews
Socket has raised $40 million in a Series B funding round to work on open source software supply chain security technology. The post Socket Raises $40…
First seen on securityweek.com
Jump to article: www.securityweek.com/socket-raises-40-million-for-supply-chain-security-tech/
-
Microsoft issues first Secure Future Initiative report
in SecurityNews
In the first progress report since the launch of its Secure Future Initiative, Microsoft said it’s made key improvements to identity and supply chain …
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366611385/Microsoft-issues-first-Secure-Future-Initiative-report
-
SEC charges companies for minimizing SolarWinds attack risks
in SecurityNews
The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain at…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366614413/SEC-charges-4-companies-for-downplaying-SolarWinds-attack-risks
-
North Korea-linked APT37 exploited IE zero-day in a recent attack
in SecurityNews
Tags: attack, exploit, group, Internet, korea, north-korea, supply-chain, threat, vulnerability, zero-day
North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. A North Korea-linked threat actor, trac…
First seen on securityaffairs.com
Jump to article: securityaffairs.com/169983/apt/north-korea-apt37-ie-zero-day.html
-
CISA Urges Improvements in US Software Supply Chain Transparency
in SecurityNews
First seen on infosecurity-magazine.com
Jump to article: www.infosecurity-magazine.com/news/cisa-software-supply-chain/
-
Attacks on PyPIChain: Revival Hijack threatens more than 22,000 PyPI packages
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/neue-angriffsmethode-python-package-index-jfrog-sicherheitsanalyse-a-94bc7f8a57108d45ec2aae8de5b73926/
-
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
in SecurityNews
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack. The post North Korean APT Exploited IE …
First seen on securityweek.com
Jump to article: www.securityweek.com/north-korean-apt-exploited-ie-zero-day-in-supply-chain-attack/
-
Open-Source Entry Points Targeted for Supply Chain Compromise
in SecurityNews
First seen on scworld.com
Jump to article: www.scworld.com/brief/open-source-entry-points-targeted-for-supply-chain-compromise
-
Open Source Package Entry Points May Lead to Supply Chain Attacks
in SecurityNews
Entry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks. The post Open Source Package E…
First seen on securityweek.com
Jump to article: www.securityweek.com/open-source-package-entry-points-may-lead-to-supply-chain-attacks/
-
Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
in SecurityNews
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart P…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
-
Supply chain vulnerabilities double every year
in SecurityNews
The report The State of Software Supply Chain summarizes trends and risks in the software supply chain. For years, vulnerabilities remain …
First seen on heise.de
Jump to article: www.heise.de/news/Report-Malware-und-Supply-Chain-Angriffe-bedrohen-Unternehmen-9976657.html
-
Credit monitoring and supply chain risk company hacked
in SecurityNews
First seen on cyberscoop.com
Jump to article: cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/
-
News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability
in SecurityNews
Austin, TX, Oct. 10th, 2024, CyberNewswire, SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has be…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/10/news-alert-spycloud-accelerates-supply-chain-risk-analysis-with-new-idlink-correlation-capability/
-
Australian Police conducted supply chain attack on criminal collaborationware
in SecurityNews
First seen on theregister.com
Jump to article: www.theregister.com/2024/09/18/afp_operation_kraken_ghost_crimeware_app/
-
Channel Brief: Security Scorecard Transforms to Supply Chain Protection, Sophos Intros New Firewall Tech
in SecurityNews
First seen on scworld.com
Jump to article: www.scworld.com/news/channel-brief-security-scorecard-transforms-to-supply-chain-protection-sophos-intros-new-firewall-tech
-
SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis Threat Actor Attribution
in SecurityNews
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/10/spycloud-embeds-identity-analytics-in-cybercrime-investigations-solution-to-accelerate-insider-and-supply-chain-risk-analysis-threat-actor-attribution/
-
JFrog and GitHub unveil open source security integrations
in SecurityNews
Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Pl…
First seen on computerweekly.com
Jump to article: www.computerweekly.com/news/366609897/JFrog-and-GitHub-unveil-new-open-source-security-integrations
-
JFrog connects key software supply chain management dots
in SecurityNews
JFrog ties in with GitHub and Nvidia and ships Runtime Security to offer visibility into software supply chains from source code to production and bac…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchitoperations/news/366610120/JFrog-connects-key-software-supply-chain-management-dots
-
WordPress plugin and theme developers told they must use 2FA
in SecurityNews
Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from…
First seen on tripwire.com
Jump to article: www.tripwire.com/state-of-security/wordpress-plugin-and-theme-developers-told-they-must-use-2fa
-
National Cyber Director warns of ransomware, Chinese infrastructure attacks and cyber supply chain concerns
in SecurityNews
First seen on therecord.media
Jump to article: therecord.media/national-cyber-director-coker-warns-ransomware-supply-chain-attacks-china-critical-infrastructure
-
Redefining the Supply Chain in the Post-AI Era
in SecurityNews
How to Navigate the New Challenges and Opportunities AI has enabled supply chains to become more proactive and predictive. Through machine learning al…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/blogs/redefining-supply-chain-in-post-ai-era-p-3723
-
FERC Outlines Supply Chain Security Rules for Power Plants
in SecurityNews
The US Federal Energy Regulatory Commission spelled out what electric utilities should do to protect their software supply chains, as well as their ne…
First seen on darkreading.com
Jump to article: www.darkreading.com/cyber-risk/ferc-updates-supply-chain-security-power-plants
-
Interview with Hiscout: NIS2 tightens business continuity requirements
in SecurityNews
NIS2 tightens not only the business continuity requirements, but also the supply chain and management liability, etc. Netzpalaver …
First seen on netzpalaver.de
Jump to article: netzpalaver.de/2024/10/01/interview-mit-hiscout-nis2-verschaerft-die-business-continuity-anforderungen/
-
Python-Package-IndexChain: Revival Hijack affects more than 22,000 packages
in SecurityNews
Tags: supply-chain
JFrog's security research team recently uncovered a new attack method in the Python Package Index (PyPI) ecosystem, known as ‘Revival …
First seen on netzpalaver.de
Jump to article: netzpalaver.de/2024/09/23/python-package-index-supply-chain-revival-hijack-betrifft-ueber-22-000-pakete/