Tag: supply-chain
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerability
Maintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability
(The following interview has been edited for clarity and length.)
At first glance, LA County’s reporting structure (who reports to whom) seems, well, fairly complex.
We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Companies pursuing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities
-
Lazarus Group Targets Developers Worldwide with New Malware Tactic
Tags: crypto, cyber, cybercrime, group, korea, lazarus, malware, north-korea, software, supply-chain, tactics
North Korea’s Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign targeting software developers and cryptocurrency users. Dubbed Operation Marstech Mayhem, this operation leverages the group’s latest implant, “Marstech1,
-
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
Tags: access, attack, blizzard, computer, control, cyber, cyberattack, cybersecurity, data, espionage, exploit, fortinet, group, hacker, hacking, infrastructure, intelligence, international, microsoft, military, network, ransomware, russia, software, strategy, supply-chain, threat, tool, ukraine, update, vulnerability, zero-trust
Weaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned. “Seashell Blizzard’s specialized operations have ranged from espionage to information operations…
-
North Korea targets crypto developers via NPM supply chain attack
Yet another cash grab from Kim’s cronies and an intel update from Microsoft First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/north_korea_npm_crypto/
-
JFrog and AWS deepen their collaboration: optimized DevSecOps solutions for the cloud
Software supply chain: The expanded collaboration offers enterprise customers numerous advantages: by being able to migrate workloads to AWS faster, companies significantly increase the value of their cloud investments. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-und-aws-intensivieren-zusammenarbeit-optimierte-devsecops-loesungen-fuer-die-cloud/a39788/
-
Researchers Breach Software Supply Chain and Secure $50K Bug Bounty
Tags: breach, bug-bounty, cyber, cybersecurity, data-breach, exploit, flaw, software, supply-chain, vulnerability
A duo of cybersecurity researchers uncovered a critical vulnerability in a software supply chain, landing them an extraordinary $50,500 bug bounty. The exploit, described as an “Exceptional Vulnerability,” not only exposed systemic flaws in software supply chain security but also demonstrated just how far-reaching the impact of overlooked weak points can be. The researchers, who…
-
It’s time to secure the extended digital supply chain
Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/12/supply-chain-risk/
-
How Trump’s Funding Freeze Threatens US Port Cybersecurity
Experts Testify Budget Cuts Could Hurt Security Investments, Disrupt Supply Chains. President Donald Trump’s federal funding freeze threatens to significantly weaken U.S. maritime cybersecurity efforts as China expands its control over global ports, experts warned in congressional testimony. Attacks on ports could disrupt supply chains and destabilize global trade. First seen on govinfosecurity.com Jump to…
-
The Rise of Typhoon Cyber Groups
Tags: access, attack, breach, communications, control, cyber, cyberattack, cybersecurity, data, defense, dns, endpoint, espionage, exploit, finance, government, group, infrastructure, intelligence, iot, military, monitoring, network, phone, resilience, supply-chain, tactics, threat, tool, vulnerability, zero-day
-
VeraCore zero-day vulnerabilities exploited in supply chain attacks
Cybercriminals maintained access to one victim organization for more than four years. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veracore-zero-day-vulnerabilities-exploited-in-supply-chain-attacks/739784/
-
XE Group Shifts From Card Skimming to Supply Chain Attacks
The likely Vietnam-based threat actor has been using two zero-days in VeraCore’s warehouse management software in some of its latest cyberattacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/xe-group-shifts-card-skimming-supply-chain-attacks
-
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
Imagine you’re considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization’s environment.…
-
The best DAST & SAST tools
Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-management
Tools for dynamic and static application security testing help developers harden their source code. We show you the best tools for this purpose. The software supply chain, or rather its vulnerabilities, has caused a lot of turmoil in recent years. A particularly headline-grabbing example is the attack on the IT service provider SolarWinds, in which more than 18,000 customer companies were affected.…
-
Projecting the next decade of software supply chain security
A 2035 vision includes a shift that combines security and innovation. First seen on cyberscoop.com Jump to article: cyberscoop.com/projecting-the-next-decade-of-software-supply-chain-security/
-
AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics
Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats… First seen on hackread.com Jump to article: hackread.com/ai-role-cutting-costs-cybersecurity-threats-logistics/
-
The SolarWinds $4.4 billion acquisition gives CISOs what they least want: Uncertainty
Tags: attack, breach, business, cisa, ciso, cyber, cybersecurity, finance, government, group, risk, risk-management, service, software, strategy, supply-chain, tool, update
When SolarWinds on Friday announced a $4.4 billion cash deal for it to be acquired by private equity (PE) firm Turn/River Capital, it delivered the last thing that nervous enterprise CISOs want: Uncertainty, to be followed by more uncertainty. “Whenever a security company gets acquired by private equity, you never want to throw a party,” said…
-
Modern Bank Heists 2025: Revenge of the Zero Days
Tom Kellermann’s Annual Report on Key Threats to Financial Sector. Zero days. Supply chain attacks. APIs and cloud environments as growing threat vectors. These are among the topics discussed in this seventh annual Modern Bank Heists report, and author Tom Kellermann discusses their impact on financial institutions – and which defensive gaps need to be…
-
Private equity firm to acquire SolarWinds for $4.4B
SolarWinds, which now will go private, was embroiled in a massive supply chain attack in 2020 linked to Russia-backed threat actors. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/private-equity-firm-to-acquire-solarwinds-for-44b/739573/
-
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities
Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerability
In force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete. “In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
-
Software Supply Chain Compromise Possible With Neglected AWS S3 Buckets
First seen on scworld.com Jump to article: www.scworld.com/brief/software-supply-chain-compromise-possible-with-neglected-aws-s3-buckets
-
Extensive software supply chain compromise possible with deserted AWS S3 buckets
First seen on scworld.com Jump to article: www.scworld.com/brief/extensive-software-supply-chain-compromise-possible-with-deserted-aws-s3-buckets
-
Go Module Mirror served backdoor to devs for 3+ years
Supply chain attack targets developers using the Go programming language. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/backdoored-package-in-go-mirror-site-went-unnoticed-for-3-years/
-
Weaponized Go Package Module Let Attackers Gain Remote Access to Infected Systems
Tags: access, attack, backdoor, cyber, cybersecurity, malicious, open-source, software, supply-chain, threat
In a significant software supply chain attack, cybersecurity researchers uncovered a malicious Go package that impersonates the widely trusted BoltDB database module. The typosquat package github.com/boltdb-go/bolt was found to include a backdoor enabling remote access to infected systems, allowing attackers to execute arbitrary commands. This discovery underscores the growing sophistication of threats targeting open-source ecosystems. The…
-
More sophisticated XE Group attacks pose greater supply chain threat
First seen on scworld.com Jump to article: www.scworld.com/brief/more-sophisticated-xe-group-attacks-pose-greater-supply-chain-threat
-
The Supply Chain Security System of Low-altitude Economy
Previous posts: Security Risks of Low-altitude Economy; The Network Security Business System of Low-altitude Economy.
The low-altitude economic supply chain security system aims to build an all-round security system from upstream to downstream. The upstream links ensure the safety at source by strictly controlling the supply of raw materials and key components. Implement trusted design…