Security News

Now is the time to focus on software supply chain security improvements
2022-08-01 04:00

The shift to cloud-native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex, according to recent research from Venafi. In this Help Net Security video, Kevin Bocek, VP of Threat Intelligence and Business Development, Venafi, discusses how CIOs are becoming increasingly concerned about the serious business disruptions, revenue loss, data theft, and customer damage that can result from successful software supply chain attacks.

What does software supply chain pain really feel like? Find out right here
2022-07-21 10:19

It has also given the cybercriminal community new routes to break into systems, either by exploiting existing vulnerabilities in the software supply chain or by surreptitiously inserting their own. So just imagine how you'd feel if you found out that a software component or library that you'd developed had a vulnerability that left not just you, but your downstream customers and partners open to attack?

Typo-squatting NPM software supply chain attack uncovered
2022-07-06 14:30

Researchers at ReversingLabs have uncovered evidence of a widespread software supply chain attack through malicious JavaScript packages picked up via NPM. NPM was acquired by Microsoft-owned GitHub in 2020 and has suffered from the odd issue or two over the years. The latest problem stems from typo-squatting, where an attacker offers up malicious packages with names similar to real packages.

NPM supply-chain attack impacts hundreds of websites and apps
2022-07-05 17:55

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise thousands of downstream desktop apps and websites. As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign used typosquatting to infect developers looking for very popular packages, such as umbrellajs and ionic.io NPM modules.

IT pros are not very confident in their organization’s supply chain security
2022-06-21 08:00

Over the last two years, supply chain challenges have rocked both enterprises and consumers alike, making it harder to access certain goods and maintain business continuity. Security threats have only heightened these concerns, and an ISACA survey report illuminates IT professionals' key concerns around supply chain security challenges and how their organizations are responding to them.

How the blurring of the “supply chain” opens your doors to attackers—and how you can close them
2022-06-21 04:00

There have been more than 200 dedicated supply chain attacks over the past decade. If the supply chain is anything that potentially gives you an opportunity to hop to another target, just about everything - including you - is part of the supply chain.

How confident are IT pros in the security of their organization’s supply chain?
2022-06-15 03:30

Security threats have only heightened these concerns, and an ISACA survey report illuminates IT professionals' key concerns around supply chain security challenges and how their organizations are responding to them. The report received responses from more than 1,300 IT professionals with supply chain insight, 25 percent of whom note that their organization experienced a supply chain attack in the last 12 months.

Supply chain attacks will get worse: Microsoft Security Response Center boss
2022-06-09 02:30

Major supply-chain attacks of recent years - we're talking about SolarWinds, Kaseya and Log4j to name a few - are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center. As the head of MSRC, Gupta has a unique vantage point.

82% of CIOs believe their software supply chains are vulnerable
2022-06-08 08:00

The shift to cloud-native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex. Adversaries, motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, are stepping up attacks against software build and distribution environments.

Boards, CEOs demand software supply chain security improvements
2022-06-07 03:00

Adversaries, motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, are stepping up attacks against software build and distribution environments. "Digital transformation has made every business a software developer. And as a result, software development environments have become a huge target for attackers," said Kevin Bocek, VP of threat intelligence and business development for Venafi.