Tag: supply-chain
-
Compliance is Key: How GDPR and CCPA Shape Secure Supply Chains
In the modern, globalized business environment, data security and privacy measures are not just necessary but essential, as supply chains cut across b… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/strengthening-supply-chain-security/
-
Supply chain attack compromises LottieFiles npm package with crypto drainer
First seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-lottiefiles-npm-package-with-crypto-drainer
-
Why Supply Chain Security Demands Focus on Hardware
Supply chain security for servers, PCs, laptops, and devices has correctly focused on protecting these systems from vulnerabilities introduced through… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/why-supply-chain-security-demands-focus-on-hardware/
-
LottieFiles hacked in supply chain attack to steal users’ crypto
The popular LottieFiles Lottie-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors’ c… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lottiefiles-hacked-in-supply-chain-attack-to-steal-users-crypto/
-
Fortanix and Sectigo partner to automate software supply chain security
First seen on scworld.com Jump to article: www.scworld.com/brief/fortanix-and-sectigo-partner-to-automate-software-supply-chain-security
-
LottieFiles hit in npm supply chain attack targeting users’ crypto
LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so the… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/
-
Socket lands a fresh $40M to scan software for security flaws
The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent surve… First seen on techcrunch.com Jump to article: techcrunch.com/2024/10/22/socket-lands-a-fresh-40m-to-scan-software-for-security-flaws/
-
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
First seen on techcrunch.com Jump to article: techcrunch.com/2024/10/22/researchers-link-polyfill-supply-chain-attack-to-huge-network-of-copycat-gambling-sites/
-
Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Ident… First seen on securityaffairs.com Jump to article: securityaffairs.com/170324/security/third-party-identities-cybersecurity-supply-chain.html
-
Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management
First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/supply-chain-cybersecurity-traditional-vendor-risk-management
-
US Energy Sector Vulnerable to Supply Chain Attacks
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-energy-vulnerable-supply-chain/
-
Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware
Kaspersky Labs has identified a new cybercriminal group dubbed Crypt Ghouls, responsible for a series of ransomware attacks against Russian businesses… First seen on securityonline.info Jump to article: securityonline.info/supply-chain-weakness-crypt-ghouls-exploit-contractors-to-deploy-ransomware/
-
Massive copycat gambling site network leveraged in Polyfill supply chain attack
First seen on scworld.com Jump to article: www.scworld.com/brief/massive-copycat-gambling-site-network-leveraged-in-polyfill-supply-chain-attack
-
Why software supply chain attacks persist
First seen on scworld.com Jump to article: www.scworld.com/perspective/why-software-supply-chain-attacks-persist
-
North Korean APT Exploited IE Zero Day In Supply Chain Attack
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36494/North-Korean-APT-Exploited-IE-Zero-Day-In-Supply-Chain-Attack.html
-
Are hardware supply chain attacks cyber attacks?
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltr… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/threat-source-newsletter-sept-26-2024/
-
New Scoring System Helps Secure the Open Source AI Model Supply Chain
AI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub. The post New Scoring System Helps S… First seen on securityweek.com Jump to article: www.securityweek.com/new-scoring-system-helps-secure-the-open-source-ai-model-supply-chain/
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart P… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
-
Socket Raises $40 Million for Supply Chain Security Tech
Socket has raised $40 million in a Series B funding round to work on open source software supply chain security technology. The post Socket Raises $40… First seen on securityweek.com Jump to article: www.securityweek.com/socket-raises-40-million-for-supply-chain-security-tech/
-
Microsoft issues first Secure Future Initiative report
In the first progress report since the launch of its Secure Future Initiative, Microsoft said it’s made key improvements to identity and supply chain … First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366611385/Microsoft-issues-first-Secure-Future-Initiative-report
-
SEC charges companies for minimizing SolarWinds attack risks
The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain at… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366614413/SEC-charges-4-companies-for-downplaying-SolarWinds-attack-risks
-
North Korea-linked APT37 exploited IE zero-day in a recent attack
North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. A North Korea-linked threat actor, trac… First seen on securityaffairs.com Jump to article: securityaffairs.com/169983/apt/north-korea-apt37-ie-zero-day.html
-
CISA Urges Improvements in US Software Supply Chain Transparency
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-software-supply-chain/
-
Attacks on PyPIChain – Revival Hijack Threatens More Than 22,000 PyPI Packages
First seen on security-insider.de Jump to article: www.security-insider.de/neue-angriffsmethode-python-package-index-jfrog-sicherheitsanalyse-a-94bc7f8a57108d45ec2aae8de5b73926/
-
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack. The post North Korean APT Exploited IE … First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-apt-exploited-ie-zero-day-in-supply-chain-attack/
-
Open-Source Entry Points Targeted for Supply Chain Compromise
First seen on scworld.com Jump to article: www.scworld.com/brief/open-source-entry-points-targeted-for-supply-chain-compromise
-
Open Source Package Entry Points May Lead to Supply Chain Attacks
Entry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks. The post Open Source Package E… First seen on securityweek.com Jump to article: www.securityweek.com/open-source-package-entry-points-may-lead-to-supply-chain-attacks/
-
Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart P… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
-
Supply Chain Vulnerabilities Double Every Year
The report The State of Software Supply Chain summarizes trends and risks in the software supply chain. Vulnerabilities remain for years un… First seen on heise.de Jump to article: www.heise.de/news/Report-Malware-und-Supply-Chain-Angriffe-bedrohen-Unternehmen-9976657.html
-
Credit monitoring and supply chain risk company hacked
First seen on cyberscoop.com Jump to article: cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/

