Tag: supply-chain
-
North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks
South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. South Ko… First seen on securityaffairs.com Jump to article: securityaffairs.com/166628/apt/north-korea-targets-construction-machinery-sectors.html
-
#BHUSA: Nation-State Attacks Target Hardware Supply Chains
New report warns of escalating hardware supply chain attacks, with 19% of organizations impacted and nearly all IT leaders expecting nation-state invo… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nationstate-attacks-target/
-
OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware
Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT c… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/07/ot-iot-router-firmware-vulnerabilities/
-
Cybercriminals Target OneBlood: Blood Supply Chain Threatened
The nonprofit organization OneBlood, which supplies donor blood to over 250 hospitals in the United States, finds itself in a challenging situation. H… First seen on securityonline.info Jump to article: securityonline.info/cybercriminals-target-oneblood-blood-supply-chain-threatened/
-
Kimsuky and Andariel Target Seoul’s Construction Industry
Espionage Groups Exploited Software Supply Chain Vulnerabilities to Widen Reach. Prominent North Korean hacker groups Kimsuky and Andariel have been t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/kimsuky-andariel-target-seouls-construction-industry-a-25961
-
Attacks on Blood Suppliers Trigger Supply Chain Warning
Blood Shortage After Ransomware Attack Underscores Rising Threats to Patient Safety. The American Hospital Association and Health Information Sharing … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/attacks-on-blood-suppliers-trigger-supply-chain-warning-a-25944
-
Airlines are flying blind on third-party risks
The aviation industry has traditionally focused on physical security threats, but recent revelations about risks on Boeing’s supply chain have spotlig… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/01/airlines-third-party-risks/
-
Malware Exploiting IoT Devices on the Rise, SonicWall Warns
SonicWall has published its mid-year Cyber Threat Report for 2024. In the first half of the year, there was a significant increase in supply chain att… First seen on securityonline.info Jump to article: securityonline.info/malware-exploiting-iot-devices-on-the-rise-sonicwall-warns/
-
Microsoft Remains Top Phishing Target, Adidas and WhatsApp Join Top 10
Phishing attacks remain one of the most prevalent cyber threats and often serve as the precursor to larger-scale supply chain campaigns. Recently, Che… First seen on securityonline.info Jump to article: securityonline.info/microsoft-remains-top-phishing-target-adidas-and-whatsapp-join-top-10/
-
Supply chain attacks conducted through Polyfill.io service
In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply cha… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366592015/Supply-chain-attacks-conducted-through-Polyfillio-service
-
Three ways to mitigate AI-based supply chain attacks
First seen on scmagazine.com Jump to article: www.scmagazine.com/perspective/three-ways-to-mitigate-ai-based-supply-chain-attacks
-
Software Supply Chain Security Firm Lineaje Raises $20M in Series A Funding
Software supply chain security startup Lineaje has raised $20 million in a Series A funding round that brings the total to $27 million. The post Soft… First seen on securityweek.com Jump to article: www.securityweek.com/software-supply-chain-security-firm-lineaje-raises-20m-in-series-a-funding/
-
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows at… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-lets-attackers-install-uefi-malware/
-
Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads
Software supply chain security startup Chainguard raises a $140 million Series C round that values the company at $1.2 billion. The post Chainguard Ra… First seen on securityweek.com Jump to article: www.securityweek.com/chainguard-raises-140-million-expands-tech-to-secure-ai-workloads/
-
Networking Equipment Riddled With Software Supply Chain Risks
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/networking-equipment-riddled-with-software-supply-chain-risks/
-
First Annual OSCR Report Reveals 95% of Organizations Have at Least One Severe Security Risk Within their Software Supply Chain
OX Security, the pioneer in Active Application Security Posture Management (Active ASPM), today issued the OSC&R community’s inaugural software su… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/07/17/first-annual-oscr-report-reveals-95-of-organizations-have-at-least-one-severe-security-risk-within-their-software-supply-chain
-
Chainguard Raises $140M to Drive AI Support, Global Growth
Company Seeks to Expand Globally and Grow Its US Public Sector Presence. A supply chain security firm led by an ex-Google Cloud engineer closed a Seri… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chainguard-raises-140m-to-drive-ai-support-global-growth-a-25854
-
3 million iOS and macOS apps were exposed to potent supply-chain attacks
First seen on arstechnica.com Jump to article: arstechnica.com/
-
‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack
First seen on theregister.com Jump to article: www.theregister.com/2024/07/02/cocoapods_vulns_supply_chain_potential/
-
A Top-Ten List You Don’t Want to Be On
OX Research Maps Most Common Supply Chain Vulnerabilities to Attacker TTPs. For our recent threat research report, OSC&R in the Wild: A New Look at… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/a-top-ten-list-you-dont-want-to-be-on/
-
Supply-chain ransomware attack cripples thousands of car dealerships
First seen on exponential-e.com Jump to article: www.exponential-e.com/blog/supply-chain-ransomware-attack-cripples-thousands-of-car-dealerships
-
How Amazon’s decision to ditch Active Directory paid off
Amazon’s decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move…. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366589442/How-Amazons-decision-to-ditch-Microsoft-Active-Directory-paid-off
-
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
First seen on arstechnica.com Jump to article: arstechnica.com/
-
Eclypsium for Data Centers
Security frameworks and standards are increasingly emphasizing supply chain and firmware security, and for good reason. Attackers are actively targeti… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/eclypsium-for-data-centers/
-
Tensions rise over China’s control of critical materials
While there is disagreement in Congress over how to diversify the critical materials supply chain, there is bipartisan agreement that China’s dominanc… First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366589035/Tensions-rise-over-Chinas-control-of-critical-materials
-
Empower Your Developers with Software Supply Chain Security
Gartner names OX Security as representative vendor in Emerging Tech Impact Radar: DevOps report. The historical friction between software developers an… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/empower-your-developers-with-software-supply-chain-security/
-
Supply Chain Cyberattacks are on the Rise: Here’s How U.S. Businesses can Fortify Their Defenses
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/supply-chain-cyberattacks-are-on-the-rise-heres-how-u-s-businesses-can-fortify-their-defenses/
-
Software supply chain attack on JavaScript project Polyfill.io: nearly 400,000 websites distribute malware
First seen on security-insider.de Jump to article: www.security-insider.de/software-supply-chain-angriff-polyfill-io-sicherheitswarnung-a-fef8177e85b5a000cc616cb5e41dab17/
-
Firmware, Supply Chain, and Frameworks: NIST SP 800-53
NIST Special Publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is one of the most important and influ… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/firmware-supply-chain-and-frameworks-nist-sp-800-53/

