Tag: supply-chain
-
Supply chain attack against iOS, macOS apps likely with severe CocoaPods bugs
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/supply-chain-attack-against-ios-macos-apps-likely-with-severe-cocoapods-bugs
-
Securing Supply Chains After Baltimore
In March, a container ship leaving the Helen Delich Bentley Port of Baltimore struck a support piling holding up the Francis Scott Key Bridge, knockin… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/securing-supply-chains-after-baltimore/
-
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or s… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cve-of-the-month-the-supply-chain-attack-hidden-for-10-years-cve-2024-38368/
-
384,000 sites link to code library caught performing supply-chain attack
First seen on arstechnica.com Jump to article: arstechnica.com/
-
New body IMCSO to elevate standards and streamline provisioning of cybersecurity services in Maritime
The maritime industry is vitally important to the global supply chain for multiple reasons, from food, medicine and consumer goods to fuel and other i… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/06/21/new-body-imcso-to-elevate-standards-and-streamline-provisioning-of-cybersecurity-services-in-maritime
-
‘Perfect 10’ Apple Supply Chain Bug, Millions of Apps at Risk of CocoaPods RCE
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/
-
Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites
The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought i… First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/polyfillio-supply-chain-attack-smacks-down-100k-websites
-
Building Resilience in the Chip Supply Chain
To bolster digital security and resilience across the semiconductor supply chain, a critical first step is that organizations across the supply chain … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/building-resilience-in-the-chip-supply-chain/
-
WordPress Supply Chain Attack Spreads Across Multiple Plug-ins
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/wordpress-supply-chain-attack-multiple-plug-ins
-
More than 100K sites impacted by Polyfill supply chain attack
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/more-than-100k-sites-impacted-by-polyfill-supply-chain-attack/
-
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/
-
High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models
The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making rem… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/high-risk-overflow-bug-in-intel-chips-likely-impacts-100s-of-pc-models
-
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts wit… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/
-
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script w… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/polyfillio-javascript-supply-chain-attack-impacts-over-100k-sites/
-
WordPress Plugin Supply Chain Attack Gets Worse
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/wordpress-plugin-malware-richixbw/
-
B+ security rating masks healthcare supply chain risks
While the healthcare sector gets a B+ security rating for the first half of 2024, it faces a critical vulnerability: supply chain cyber risk, accordin… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/26/healthcare-security-ratings/
-
Polyfill Supply Chain Attack Hits Over 100k Websites
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain. First seen on securityweek.com Jump to article: www.securityweek.com/polyfill-supply-chain-attack-hits-over-100k-websites/
-
Cloud and Other Supply Chain Security: What Questions to Ask
Supply chains tend to be incredibly complex. As a result, many organizations struggle with their supply chain risk assessments. Yet the risks in the s… First seen on itgovernanceusa.com Jump to article: www.itgovernanceusa.com/blog/securing-your-supply-chain-and-third-parties
-
Several Plugins Compromised in WordPress Supply Chain Attack
Five WordPress plugins were injected with malicious code that creates a new administrative account. First seen on securityweek.com Jump to article: www.securityweek.com/several-plugins-compromised-in-wordpress-supply-chain-attack/
-
WordPress Plugins Hit by Supply Chain Attack: Update Now!
A new supply chain attack has impacted several plugins hosted on WordPress.org. This WordPress vulnerability, discovered on June 24th, 2024, by the Wo… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/wordpress-supply-chain-attack/
-
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other indus… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/why-saas-security-is-suddenly-hot.html
-
How Amazon’s decision to ditch Microsoft Active Directory paid off
Amazon’s decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move…. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366589442/How-Amazons-decision-to-ditch-Microsoft-Active-Directory-paid-off
-
Global, federal commitments to bolster energy supply chain cybersecurity detailed
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/global-federal-commitments-to-bolster-energy-supply-chain-cybersecurity-detailed
-
Runtime Enforcement: Software Security After the Supply Chain Ends
Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the bes… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/runtime-enforcement-software-security-after-the-supply-chain-ends/
-
Suspected supply chain attack backdoors courtroom recording software
First seen on theregister.com Jump to article: www.theregister.com/2024/05/24/suspected_supply_chain_attack_backdoors/
-
Eclypsium Overview
An introduction to Eclypsium’s supply chain security, zero trust and device integrity solutions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/eclypsium-overview/
-
Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric)
This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique chall… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/software-supply-chain-risks-%e2%8e%aacassie-crossley-vp-supply-chain-security-schneider-electric/
-
#Infosec2024: Supply Chains Remain Hidden Threat to Business
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosec2024-supply-chains-hidden/
-
Eclypsium and Panasonic Connect North America Partner to Protect Against Digital Infrastructure Threats Below the Surface With Smart Compliance
Portland, OR June 6, 2024 Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software, today announced its coll… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/eclypsium-and-panasonic-connect-north-america-partner-to-protect-against-digital-infrastructure-threats-below-the-surface-with-smart-compliance/
-
BTS #31 Managing Complex Digital Supply Chains Cassie Crossley
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product comp… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/bts-31-managing-complex-digital-supply-chains-cassie-crossley/

