Tag: supply-chain
-
Eclypsium Supply Chain Security Platform Protects GenAI Infrastructure with Addition of Hardware and Training Model Assessment Capabilities
Eclypsium is extending its digital supply chain security to cover GenAI hardware and training models SAN FRANCISCO RSA Conference May 7, 2024 Eclyp… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/eclypsium-supply-chain-security-platform-protects-genai-infrastructure-with-addition-of-hardware-and-training-model-assessment-capabilities/
-
R Programming Bug Exposes Orgs to Vast Supply Chain Risk
The CVE-2024-27322 security vulnerability in R’s deserialization process gives attackers a way to execute arbitrary code in target environments via sp… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-risk
-
Eclypsium Supply Chain Security Platform Wins Global InfoSec Award
Platform named Market Leader for Software Supply Chain Security SAN FRANCISCO RSA Conference May 6, 2024 Eclypsium, the supply chain security compa… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/eclypsium-supply-chain-security-platform-wins-global-infosec-award/
-
Webinar: Learn Proactive Supply Chain Threat Hunting Techniques
In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricat… First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/webinar-learn-proactive-supply-chain.html
-
Securing your organization’s supply chain: Reducing the risks of third parties
When Stephen Hawking said that we are all now connected by the internet, like neurons in a giant brain, very few people understood the gravity of his … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/02/supply-chain-third-parties-risks/
-
Securing Software Supply Chains, Part 2 – Risks in the Software Supply Chain
First seen on security-insider.de Jump to article: www.security-insider.de/software-lieferkette-risiken-sicherheit-digital-transformation-a-92806ff4ebcdbf0f957f29f29ff9dcce/
-
Supply chain attacks likely with exploitation of novel R programing bug
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/supply-chain-attacks-likely-with-exploitation-of-novel-r-programing-bug
-
Attacker Social-Engineered Backdoor Code Into XZ Utils
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social … First seen on darkreading.com Jump to article: www.darkreading.com/application-security/attacker-social-engineered-backdoor-code-into-xz-utils
-
Vulnerability in R Programming Language Could Fuel Supply Chain Attacks
A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary code and be used as part of a supply ch… First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-in-r-programming-language-enables-supply-chain-attacks/
-
XZ backdoor discovery reveals Linux supply chain attack
A maintainer for XZ, a popular open source compression library for Linux distributions, compromised the open source project over the course of two yea… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366577602/XZ-backdoor-discovery-reveals-Linux-supply-chain-attack
-
JFrog Software Supply Chain State of the Union 2024 – Risks and Opportunities for Software Supply Chains in Germany
First seen on security-insider.de Jump to article: www.security-insider.de/software-supply-chain-risiken-und-potenziale-2024-a-3f333ba3d57d3dcab2be146c128702b3/
-
Top.gg supply chain attack highlights subtle risks
Threat actors used fake Python infrastructure and cookie-stealing to poison multiple GitHub code repositories, putting another spotlight on supply cha… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366575534/Topgg-supply-chain-attack-highlights-subtle-risks
-
Solution Package for Software Composition Analysis (SCA) – Synopsys Targets Risks in the Software Supply Chain
First seen on security-insider.de Jump to article: www.security-insider.de/synopsys-black-duck-supply-chain-edition-sicherheit-software-lieferkette-a-e29d2358ddc25d95f8514c9d9f4f9fc9/
-
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communi… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/19/protobom-open-source-software-supply-chain-tool/
-
Sisense Password Breach Triggers ‘Ominous’ CISA Warning
With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts f… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/sisense-breach-triggers-cisa-password-reset-advisory
-
Why MLBOMs Are Useful for Securing the AI/ML Supply Chain
A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chain… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/mlboms-are-useful-for-securing-ai-ml-supply-chain
-
Cisco Duo customer MFA message logs stolen in supply chain hack
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/cisco-duo-customer-mfa-message-logs-stolen-in-supply-chain-hack
-
PyPI halted new users and projects while it fended off supply-chain attack
First seen on arstechnica.com Jump to article: arstechnica.com/
-
CISA software supply chain security form omits SBOMs
Federal suppliers now have a self-attestation deadline amid ongoing efforts to secure software supply chains. But SBOMs’ spotlight is fading and big r… First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366573974/CISA-software-supply-chain-security-form-omits-SBOMs
-
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the m… First seen on wired.com Jump to article: www.wired.com/story/jia-tan-xz-backdoor/
-
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains
Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis (SCA) solution. This offering aids organisations in mi… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/04/09/synopsys-introduces-latest-solution-for-comprehensive-security-across-software-supply-chains
-
New Tool Aims to Simplify and Streamline SBOM Adoption
OpenSSF Partners With DHS and CISA to Launch Global Software Supply Chain Project. OpenSSF launched a new tool Tuesday in partnership with the Departm… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-tool-aims-to-simplify-streamline-sbom-adoption-a-24872
-
SoftwareChain Attack: xz-utils Backdoor Endangers Linux Systems
A supply chain attack via xz-utils has been causing a stir in the IT security scene for several days. The attack was apparently long in the… First seen on csoonline.com Jump to article: www.csoonline.com/de/a/xz-utils-backdoor-gefaehrdet-linux-systeme
-
Sisense Breach Highlights Rise in Major Supply Chain Attacks
Experts Warn of Growing Threat From Supply Chain Attacks After High-Profile Breach. Cybersecurity experts are sounding the alarm over a rise in supply… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sisense-breach-highlights-rise-in-major-supply-chain-attacks-a-24864
-
6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers
The software supply chain is filled with various challenges, such as untracked security vulnerabilities in open-source components and inconsistent upd… First seen on gbhackers.com Jump to article: gbhackers.com/lighttpd-flaw-intel-lenovo-servers/
-
Tips for Securing the Software Supply Chain
Industry experts share how to implement comprehensive security strategies necessary to secure the software supply chain in Dark Reading’s latest Tech … First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/tips-for-securing-the-software-supply-chain
-
Home Depot Hammered by Supply Chain Data Breach
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/home-depot-hammered-by-supply-chain-data-breach
-
Sisense customers told to reset credentials amid supply chain attack fears
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/sisense-customers-told-to-reset-credentials-amid-supply-chain-attack-fears
-
ISMG Editors: Unpacking the Change Healthcare Attack Saga
Also: Positive Cyber Market Trends, AI Threats to Supply Chain Security. In the latest weekly update, four ISMG editors discussed the unending twists … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-editors-unpacking-change-healthcare-attack-saga-a-24848
-
Software supply chain risk mitigation sought by new Synopsys solution
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/software-supply-chain-risk-mitigation-sought-by-new-synopsys-solution

