Tag: supply-chain
-
Software Supply Chain Security Firm Lineaje Raises $20M in Series A Funding
in SecurityNews
Software supply chain security startup Lineaje has raised $20 million in a Series A funding round that brings the total to $27 million. The post Soft…
First seen on securityweek.com
Jump to article: www.securityweek.com/software-supply-chain-security-firm-lineaje-raises-20m-in-series-a-funding/
-
PKfail Secure Boot bypass lets attackers install UEFI malware
in SecurityNews
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows at…
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-lets-attackers-install-uefi-malware/
-
Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads
in SecurityNews
Software supply chain security startup Chainguard raises a $140 million Series C round that values the company at $1.2 billion. The post Chainguard Ra…
First seen on securityweek.com
Jump to article: www.securityweek.com/chainguard-raises-140-million-expands-tech-to-secure-ai-workloads/
-
Networking Equipment Riddled With Software Supply Chain Risks
in SecurityNews
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/networking-equipment-riddled-with-software-supply-chain-risks/
-
First Annual OSCR Report Reveals 95% of Organizations Have at Least One Severe Security Risk Within their Software Supply Chain
in SecurityNews
OX Security, the pioneer in Active Application Security Posture Management (Active ASPM), today issued the OSC&R community’s inaugural software su…
First seen on itsecurityguru.org
Jump to article: www.itsecurityguru.org/2024/07/17/first-annual-oscr-report-reveals-95-of-organizations-have-at-least-one-severe-security-risk-within-their-software-supply-chain
-
Chainguard Raises $140M to Drive AI Support, Global Growth
in SecurityNews
Company Seeks to Expand Globally and Grow Its US Public Sector Presence. A supply chain security firm led by an ex-Google Cloud engineer closed a Seri…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/chainguard-raises-140m-to-drive-ai-support-global-growth-a-25854
-
3 million iOS and macOS apps were exposed to potent supply-chain attacks
in SecurityNews
First seen on arstechnica.com
Jump to article: arstechnica.com/
-
‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack
in SecurityNews
First seen on theregister.com
Jump to article: www.theregister.com/2024/07/02/cocoapods_vulns_supply_chain_potential/
-
A Top-Ten List You Don’t Want to Be On
in SecurityNews
OX Research Maps Most Common Supply Chain Vulnerabilities to Attacker TTPs. For our recent threat research report, OSC&R in the Wild: A New Look at…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/a-top-ten-list-you-dont-want-to-be-on/
-
Supply-chain ransomware attack cripples thousands of car dealerships
in SecurityNews
First seen on exponential-e.com
Jump to article: www.exponential-e.com/blog/supply-chain-ransomware-attack-cripples-thousands-of-car-dealerships
-
How Amazon’s decision to ditch Active Directory paid off
in SecurityNews
Amazon’s decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move….
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366589442/How-Amazons-decision-to-ditch-Microsoft-Active-Directory-paid-off
-
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
in SecurityNews
First seen on arstechnica.com
Jump to article: arstechnica.com/
-
Eclypsium for Data Centers
in SecurityNews
Security frameworks and standards are increasingly emphasizing supply chain and firmware security, and for good reason. Attackers are actively targeti…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/eclypsium-for-data-centers/
-
Tensions rise over China’s control of critical materials
in SecurityNews
While there is disagreement in Congress over how to diversify the critical materials supply chain, there is bipartisan agreement that China’s dominanc…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchcio/news/366589035/Tensions-rise-over-Chinas-control-of-critical-materials
-
Empower Your Developers with Software Supply Chain Security
in SecurityNews
Gartner names OX Security as representative vendor in Emerging Tech Impact Radar: DevOps report. The historical friction between software developers an…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/empower-your-developers-with-software-supply-chain-security/
-
Supply Chain Cyberattacks are on the Rise: Here’s How U.S. Businesses can Fortify Their Defenses
in SecurityNews
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/supply-chain-cyberattacks-are-on-the-rise-heres-how-u-s-businesses-can-fortify-their-defenses/
-
Software supply chain attack on JavaScript project Polyfill.io: almost 400,000 websites spread malware
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/software-supply-chain-angriff-polyfill-io-sicherheitswarnung-a-fef8177e85b5a000cc616cb5e41dab17/
-
Firmware, Supply Chain, and Frameworks: NIST SP 800-53
in SecurityNews
NIST Special Publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is one of the most important and influ…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/firmware-supply-chain-and-frameworks-nist-sp-800-53/
-
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack
in SecurityNews
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html
-
CodeSecDays 2024: A Deep Dive in Software Supply Chain Security
in SecurityNews
Explore key insights from CodeSecDays 2024 on software supply chain security. Learn about AI in DevSecOps, SLSA frameworks, developer-security collabo…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/codesecdays-2024-a-deep-dive-in-software-supply-chain-security/
-
Building A Simple Neural Network Backdoor
in SecurityNews
Vulnerabilities in supply chains aren’t a new topic and have quite a bit of focus from both a hardware and software perspective. With this post, …
First seen on research.kudelskisecurity.com
Jump to article: research.kudelskisecurity.com/2020/10/29/building-a-simple-neural-network-backdoor/
-
Judge Dismisses Major SEC Charges Against SolarWinds and CISO
in SecurityNews
Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compro…
First seen on securityweek.com
Jump to article: www.securityweek.com/judge-dismisses-major-sec-charges-against-solarwinds-and-ciso/
-
Malicious NuGet Campaign Exploits Homoglyphs and Code Injection to Fool Developers
in SecurityNews
ReversingLabs, a leading software supply chain security firm, has uncovered a sophisticated malicious campaign targeting the NuGet package manager, a …
First seen on securityonline.info
Jump to article: securityonline.info/malicious-nuget-campaign-exploits-homoglyphs-and-code-injection-to-fool-developers/
-
Cyber security along the supply chain: companies must get back to basics
in SecurityNews
First seen on datensicherheit.de
Jump to article: www.datensicherheit.de/cyber-sicherheit-lieferkette-unternehmen-muss-grundlagen-besinnung
-
‘NullBulge’ threat actor targets software supply chain, AI tech
in SecurityNews
SentinelOne published new research detailing NullBulge, an emerging ransomware actor that recently claimed to have stolen data from Disney’s internal …
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366596133/NullBulge-threat-actor-targets-software-supply-chain-AI-tech
-
Dark web monitoring: how darknet crawling protects the supply chain
in SecurityNews
To keep supply chain disruptions from happening in the first place, companies should know the cyber risk exposure of their suppliers. Not every supplier is…
First seen on csoonline.com
Jump to article: www.csoonline.com/de/a/wie-darknet-crawling-die-lieferkette-schuetzt
-
OSCR Report Exposes Software Supply Chain Security Vulnerabilities
in SecurityNews
First Annual Report Analyzes Millions of Vulnerabilities Against the Industry’s First Supply-Chain Specific Attack Matrix. Software is the foundation o…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/oscr-report-exposes-software-supply-chain-security-vulnerabilities/
-
Vulnerability uncovered in CocoaPods: millions of iOS apps vulnerable to supply chain attack
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/cocoapods-sicherheitsluecke-ios-macos-apps-a-9cfb5272ebf1664d7d6cab007968df74/
-
Researchers Warn of Widespread Polyfill Supply Chain Attack
in SecurityNews
First seen on duo.com
Jump to article: duo.com/decipher/researchers-warn-of-widespread-polyfill-supply-chain-attack