Tag: supply-chain
-
Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024
Join the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues. The post fully immers… First seen on securityweek.com Jump to article: www.securityweek.com/virtual-event-today-supply-chain-third-party-risk-summit-2024/
-
Israeli Universities Hit by Supply Chain Cyberattack Campaign
Iranian hacktivist group known as Lord Nemesis and Nemesis Kitten targeted an academic sector software firm in Israel to gain access to its customers… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/israeli-universities-hit-by-supply-chain-cyberattack-campaign
-
Japan Blames North Korea for PyPI Supply Chain Cyberattack
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/japan-blames-north-korea-for-pypi-supply-chain-cyberattack
-
Strategies for a Secure Software Supply Chain – How Supply Chain Attacks Work
First seen on security-insider.de Jump to article: www.security-insider.de/so-funktionieren-supply-chain-attacks-a-ae6851a064dcdefd55312926b507f5f1/
-
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-linked-cyber-spies-blend-watering-hole-supply-chain-attacks
-
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since S… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html
-
Southern Company Builds SBOM for Electric Power Substation
The utility’s software bill of materials (SBOM) experiment aims to establish stronger supply chain security, and tighter defenses against potential c… First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/southern-company-builds-a-power-substation-sbom
-
Critical TeamCity Bugs Endanger Software Supply Chain
Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow thre… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-teamcity-bugs-endanger-software-supply-chain
-
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models … First seen on thehackernews.com Jump to article: thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html
-
NIST Releases Cybersecurity Framework 2.0
New guidance expands the framework to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecuri… First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/nist-releases-cybersecurity-framework-2-0
-
Australian data breach report highlights supply chain risks
First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366570859/Australian-data-breach-report-highlights-supply-chain-risks
-
AI and Supply Chain Security: Get Tickets Now for the Spring devSec
First seen on heise.de Jump to article: heise.de/news/KI-und-Supply-Chain-Security-Jetzt-noch-Tickets-fuer-Fruehjahrs-devSec-sichern-9633530.html
-
New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack
Researchers have discovered that threat actors have been using open-source platforms and codes for several purposes, such as hosting C2 infrastructure… First seen on gbhackers.com Jump to article: gbhackers.com/malicious-pypi-packages-dll-sideloading/
-
Hacked Iraqi Voter Information Found For Sale Online
A 21.58 GB database of stolen personal voter data from Iraq’s Independent High Electoral Commission (IHEC) may have been the result of a supply chain … First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/hacked-iraqi-voter-information-found-for-sale-online
-
Ransomware Groups, Targeting Preferences, and the Access Economy
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breache… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-groups-targeting-preferences-and-the-access-economy/
-
North Korean hackers linked to defense sector supply-chain attack
Tags: advisory, attack, cyber, defense, germany, hacker, intelligence, korea, north-korea, service, supply-chain
In an advisory today Germany’s federal intelligence agency (BfV) and South Korea’s National Intelligence Service (NIS) warn of an ongoing cyber-espion… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/
-
Complexity and software supply chain security: 5 key survey takeaways
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/02/complexity-and-software-supply-chain-security-5-key-survey-takeaways/
-
The Principles for Package Repository Security: An Overview
Tags: supply-chain
What are the Principles for Package Repository Security, and how can organizations effectively protect their code supply chain? The U.S. Cybersecurit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/02/the-principles-for-package-repository-security-an-overview/
-
Cyber gaps in the supply chain: Bank of America breached in another vendor cyberattack
Third-party cyber-attacks remain one of the most significant threats facing organisations across the globe. Most recently, Bank of America, a multinat… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/02/14/cyber-gaps-in-the-supply-chain-bank-of-america-breached-in-another-vendor-cyberattack
-
Blackbaud blasted for failing to prevent customer breaches
A supply chain attack at software supplier Blackbaud in 2020 saw data on multiple UK organisations compromised. The US authorities are now taking step… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366568994/Blackbaud-blasted-for-failing-to-prevent-customer-breaches
-
NCC Group records the most ransomware victims ever in 2023
Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organiza… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366569338/NCC-Group-records-the-most-ransomware-victims-ever-in-2023
-
TensorFlow CI/CD Flaws Create Risk of Supply Chain Attacks
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered within the widely-used TensorFlow machine learning framework raise… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/tensorflow-ci-cd-flaws-risk-supply-chain-attacks/
-
Supply Chain Visibility Platform FourKites Uses Orca Security
FourKites uses patented artificial intelligence to process more than 150 factors such as weather, traffic and real-time data from GPS, ELD telema… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/supply-chain-visibility-plattform-fourkites-nutzt-orca-security/a32020/
-
Cyberattack on GitHub Repositories Shows the Danger of Supply Chain Attacks
If a programmer wants to significantly change another developer's code, he instead uses GitHub's clone function. … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cyber-angriff-auf-github-verzeichnisse-zeigt-die-gefahr-von-supply-chain-attacken/a31991/
-
PyPI Campaign: Threat Actor JuiceLedger Attacks Supply Chains
The JuiceLedger group appears to have developed its capabilities very quickly, as regards the successful compromise of the supply chain of a … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/pypi-phishing-kampagne-bedrohungsakteur-juiceledger-greift-lieferketten-an/a32102/
-
Open Source Is the IT Achilles' Heel of the Supply Chain
To keep the virtual doors to their network firmly locked, companies should automate DevSecOps. This ensures that … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/open-source-ist-die-it-achillesferse-der-lieferkette/a33050/
-
The Path to a Crisis-Proof Supply Chain Strategy for IT Companies
It is about thinking both strategically and tactically in order to understand what the current state is and what a company wants to achieve. … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/der-weg-zu-einer-krisensicheren-supply-chain-strategie-fuer-it-unternehmen/a33285/
-
CI/CD Security for the Software Supply Chain: Using Pipelines to Harden Pipelines
Automation combined with human reviews can alert a developer when he tries to … an outdated command to a… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ci-cd-sicherheit-fuer-die-software-supply-chain-pipelines-nutzen-um-pipelines-zu-haerten/a33278/
-
Sysdig Study: High-Risk Vulnerabilities in 87 Percent of Container Images
Sysdig's 2023 Cloud-Native Security and Usage Report identifies massive risk in the supply chain, along with more than 10 million dollars in … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-studie-hochriskante-schwachstellen-in-87-prozent-der-container-images/a33359/
-
Zscaler Announces Intent to Acquire Canonic Security
By integrating the new security functionality for supply chains into its own data protection services, Zscaler strengthens its CASB (Cloud A… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zscaler-kuendigt-absicht-zur-uebernahme-von-canonic-security-an/a33478/

