Tag: supply-chain
-
Biden order gives CISA software supply chain ‘teeth’
The outgoing administration makes a Hail Mary attempt to salvage work it began in 2021 to require specific software supply chain security information from software suppliers. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366618234/Biden-order-gives-CISA-software-supply-chain-teeth
-
AI and Applied Security Dominate Nullcon Paper Submissions
CFP Board Members Discuss AI, Hardware Access and Emerging Trends for Nullcon 2025. Cybersecurity research submissions for the Nullcon 2025 CFP Review Board reflect prominent trends and challenges in the field. Nullcon CFP Review Board members Anant Shrivastava and Neelu Tripathi noted a growing focus on AI, supply chain and applied security. First seen on…
-
Cyber Insights 2025: Open Source and Software Supply Chain Security
Open source software (OSS) is a prime target for supply chain cyberattacks and protecting it remains a major challenge. The post Cyber Insights 2025: Open Source and Software Supply Chain Security appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyber-insights-2025-open-source-and-the-software-supply-chain/
-
The Future of Cybersecurity: Global Outlook 2025 and Beyond
The cybersecurity landscape is entering an unprecedented era of complexity, with AI-driven threats, geopolitical tensions, and supply chain vulnerabilities reshaping how organizations approach digital security. This analysis explores key trends and strategic imperatives for 2025 and beyond. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/the-future-of-cybersecurity-global-outlook-2025-and-beyond/
-
Chinese Connected Car Tech Banned by Biden Administration
National Security and Hacking Worries Underpin Concerns over Supply Chain Risk. The U.S. federal government is telling the automotive industry to stop buying Chinese-manufactured hardware and software powering onboard telematics and automated driving systems, warning that the potential for nation-state hacking and espionage poses a national security risk. First seen on govinfosecurity.com Jump to…
-
OneBlood Notifying Donors Affected by 2024 Ransomware Hack
Attack on Blood Center Spotlights Ongoing Supply Chain Risk in Healthcare Sector. Six months after a ransomware attack temporarily crippled its blood donation and distribution activities, Florida-based nonprofit OneBlood is reporting a data breach to regulators that affected donors’ personal information. Why is the incident reawakening healthcare supply chain concerns? First seen on govinfosecurity.com Jump…
-
Companies Double Down on AI and Supply Chain Security, According to Black Duck’s BSIMM15 Report
Organisations worldwide are ramping up efforts to tackle emerging security risks in artificial intelligence (AI) and software supply chains, according to the newly released BSIMM15 report from Black Duck. The report, which examines software security practices across 121 companies, reveals a sharp increase in activities aimed at strengthening defenses against evolving threats. Key findings from…
-
Malicious Kong Ingress Controller Image Found on DockerHub
A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account… First seen on hackread.com Jump to article: hackread.com/malicious-kong-ingress-controller-image-dockerhub/
-
US attacks ransomware supply chain with indictment of three cryptocurrency mixer operators
Tags: attack, business, control, crypto, cybercrime, group, hacking, law, offense, office, ransomware, russia, service, supply-chain
The US Department of Justice indicted three Russian citizens on Friday for allegedly running services that helped criminals launder cryptocurrency; the services are suspected to have been used to hide the proceeds of ransomware attacks. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) had previously sanctioned the two cryptocurrency mixer services the accused…
-
SEC rule confusion continues to put CISOs in a bind a year after a major revision
Tags: attack, breach, business, ciso, citrix, compliance, control, cyber, cyberattack, cybersecurity, data, government, incident, incident response, law, network, privacy, regulation, risk, security-incident, software, strategy, supply-chain
Confusion around when and how to report cybersecurity breaches continues to plague companies a year after revised US Securities and Exchange Commission (SEC) cybersecurity breach reporting rules came into effect, experts say. As the agency that regulates and enforces federal US securities laws continues to flex its enforcement muscles against organizations that violate the strict rules,…
-
DNA sequencer vulnerabilities signal firmware issues across medical device industry
Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windows
In highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts. The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
-
MSSP Market Update: Sweet Partners With Illustria on Supply Chain Security
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-sweet-partners-with-illustria-on-supply-chain-security
-
Veracode Fuels Supply Chain Security With Phylum Acquisition
Phylum’s Product Delivers Real-Time Detection of Malicious Open-Source Packages. To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The acquisition strengthens Veracode’s software composition analysis offering and enables faster, more reliable threat mitigation. First seen on govinfosecurity.com Jump to article:…
-
Veracode Boosts Supply Chain Security Via Phylum Acquisition
Phylum’s Product Delivers Real-Time Detection of Malicious Open-Source Packages. To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The purchase strengthens Veracode’s software composition analysis offering and enables faster, more reliable threat mitigation. First seen on govinfosecurity.com Jump to article:…
-
Veracode Looks To Boost Security For Software Supply Chain With Acquisition Of Phylum
Veracode says its acquisition of software supply chain security startup Phylum will enhance its capabilities around protecting against malicious open-source code. First seen on crn.com Jump to article: www.crn.com/news/security/2025/veracode-looks-to-boost-security-for-software-supply-chain-with-acquisition-of-phylum
-
Supply Chain Attack Targets Key Ethereum Development Tools
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/supply-chain-attack-targets/
-
US Treasury incident a clear warning on supply chain security in 2025
A cyber incident at the US Department of the Treasury blamed on a Chinese state actor raises fresh warnings about supply chain risk after it was found to have originated via vulnerabilities in a remote tech support product First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366617488/US-Treasury-incident-a-clear-warning-on-supply-chain-security-in-2025
-
12 cybersecurity resolutions for 2025
Tags: advisory, ai, api, attack, awareness, breach, business, ceo, chatgpt, china, ciso, communications, control, crowdstrike, cyber, cyberattack, cybersecurity, data, data-breach, deep-fake, defense, detection, email, identity, insurance, jobs, law, malicious, phishing, ransomware, risk, risk-assessment, risk-management, strategy, supply-chain, technology, threat, tool, training, vulnerability
As cyber threats continue to evolve, CISOs must prepare for an increasingly complex threat landscape. From dealing with AI-driven attacks to managing changing regulatory requirements, it’s clear that 2025 will be another big year for CISOs. But staying ahead requires more than just implementing the next cutting-edge set of tools or technologies. It demands a shift…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 27
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
7-Zip Zero-Day Exploit Dropped: A New Playground for Infostealer & Supply Chain Attacks
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
The Mac Malware of 2024
Ransomware Vulnerability Matrix
Inside…
-
Malicious npm packages target Ethereum developers
Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat, by the Nomic Foundation, is an essential Ethereum tool, enabling streamlined smart contract and dApp development with customizable plugins. Socket researchers reported a supply chain attack targeting the Nomic Foundation and Hardhat platforms, in which attackers use malicious npm packages to…
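The two Hardhat items above (the Infosecurity Magazine and Security Affairs summaries) both describe packages that impersonate legitimate Hardhat plugins. A check a practitioner would want before `npm install` is a lookalike audit of package.json. The script below is an added example, not code from Socket, the Nomic Foundation or the Hardhat project; it assumes a small trusted-package list seeded with real @nomicfoundation and @nomiclabs package names, a constructed package.json, and three heuristics chosen for this example: the same base name under a different or missing scope, an edit distance of at most two from a trusted name, and any other package mentioning Hardhat that is not on the list.

```javascript
// Added example (not from the Socket report or the Hardhat project): audit a
// package.json for dependencies that look like impersonations of trusted
// Hardhat packages. TRUSTED is an assumed starting list; extend it from your
// own reviewed lockfile.
const TRUSTED = [
  "hardhat",
  "@nomicfoundation/hardhat-toolbox",
  "@nomicfoundation/hardhat-ethers",
  "@nomicfoundation/hardhat-verify",
  "@nomiclabs/hardhat-ethers",
];

// Classic single-row Levenshtein edit distance.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Split "@scope/name" into its scope and base name; unscoped names get scope null.
function splitName(name) {
  if (name.startsWith("@")) {
    const idx = name.indexOf("/");
    if (idx > 0) return { scope: name.slice(0, idx), base: name.slice(idx + 1) };
  }
  return { scope: null, base: name };
}

// Returns null for a name that raises no flag, otherwise the rule that fired
// and the trusted package it resembles (null for the generic Hardhat rule).
function classify(name) {
  if (TRUSTED.includes(name)) return null;
  const { scope, base } = splitName(name);
  // Rule 1: trusted base name republished under another (or no) scope.
  for (const trusted of TRUSTED) {
    const t = splitName(trusted);
    if (base === t.base && scope !== t.scope) {
      return { rule: "scope-mismatch", lookalike: trusted };
    }
  }
  // Rule 2: typosquat within two edits of a trusted name.
  for (const trusted of TRUSTED) {
    if (levenshtein(name, trusted) <= 2) {
      return { rule: "typosquat", lookalike: trusted };
    }
  }
  // Rule 3: anything else advertising itself as Hardhat-related needs review.
  if (name.toLowerCase().includes("hardhat")) {
    return { rule: "unvetted-hardhat-package", lookalike: null };
  }
  return null;
}

// Walk dependencies and devDependencies and collect one finding per package.
function auditDependencies(pkg) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const hit = classify(name);
    if (hit) findings.push({ name, spec, ...hit });
  }
  return findings;
}

// Constructed package.json for this example; the last three entries are the
// impersonation patterns the rules are meant to catch.
const SAMPLE_PACKAGE_JSON = {
  name: "example-dapp",
  dependencies: {
    "ethers": "^6.13.0",
    "@openzeppelin/contracts": "^5.0.0",
  },
  devDependencies: {
    "hardhat": "^2.22.0",
    "@nomicfoundation/hardhat-toolbox": "^5.0.0",
    "@nomicfundation/hardhat-toolbox": "1.0.0", // misspelled scope
    "hardhat-ethers": "1.0.0",                   // trusted base name, scope dropped
    "hardaht": "2.0.0",                          // typosquat of hardhat itself
  },
};

for (const f of auditDependencies(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.rule}: ${f.name}@${f.spec}` + (f.lookalike ? ` (resembles ${f.lookalike})` : ""));
}
```

Run it against a real package.json by replacing SAMPLE_PACKAGE_JSON with `JSON.parse(fs.readFileSync("package.json"))`. The scope-mismatch rule is the one that matters most for the Hardhat case: a malicious package can reuse a trusted base name exactly and differ only in scope, which a distance threshold alone would miss for long scoped names.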
-
36 Chrome Extensions Compromised in Supply Chain Attack
Developers Listed as Public Contact Points Targeted in Phishing Campaign. A supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/36-chrome-extensions-compromised-in-supply-chain-attack-a-27207
-
Secure by design vs. secure by default: which software development concept is better?
Tags: access, api, application-security, attack, business, cisa, cloud, control, cyber, cybersecurity, data, data-breach, exploit, framework, guide, Hardware, infrastructure, malicious, mfa, nist, programming, resilience, risk, saas, security-incident, service, software, supply-chain, technology, threat, tool, update, vulnerability
As cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions. With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is momentum…
-
US soldier linked to Trump call log hack arrested in Texas
Court documents unsealed Monday show that US authorities have arrested a 20-year-old soldier, Cameron John Wagenius, charged with two counts of selling or attempting to sell confidential phone records without the customer’s authorization. But behind the scant details provided in the charge sheet submitted to the US District Court for the Western District of Washington at…

