Security News

Software supply chain attacks are getting easier
2024-01-24 04:00

The last 12 months have also seen software supply chain attacks shed complexity and boost accessibility. No longer just the domain of nation-state actors, software supply chain attacks are increasingly being perpetrated by low-skill cybercriminals, evidenced by the use of open source packages to support commodity phishing campaigns that deliver turnkey, automated attacks used to facilitate the theft of victim data.

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
2024-01-18 12:34

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain...

Three Ways To Supercharge Your Software Supply Chain Security
2024-01-04 12:13

Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software...

Third-Party Supply Chain Risk a Challenge for Cyber Security Professionals in Australia
2023-12-21 14:57

Third-party supply chain risk is a key concern for Australian cyber security professionals. ASIC reveals third-party supply chain risk as a key gap in Australia.

Supply chain emerges as major vector in escalating automotive cyberattacks
2023-12-20 05:00

In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities.

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft
2023-12-15 13:01

Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than...

Ledger dApp supply chain attack steals $600K from crypto wallets
2023-12-14 16:22

Ledger is warning users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, manage, and securely store their digital assets offline, supporting multiple cryptocurrencies, including Bitcoin and Ethereum. The company offers a library called the "Ledger dApps Connect Kit" that allows web3 apps to connect to Ledger hardware wallets.

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain
2023-12-14 04:00

"Attacks targeting external vendors and partners are a constant threat," said Joel Molinoff, BlueVoyant's global head of Supply Chain Defense. "Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks. Enterprises recognize the issue but the standard approach to third-party risk management is proving inadequate. Companies now need to focus energies on methods that proactively illuminate and reduce supply chain risk."

SCS 9001 2.0 reveals enhanced controls for global supply chains
2023-12-11 05:30

Enhancing its predecessor, the SCS 9001 2.0 standard presents a more comprehensive global cybersecurity and supply chain security framework adaptable to various communication networks across industries and sectors. How does the SCS 9001 2.0 standard differ from its predecessor regarding cybersecurity and supply chain security?

UK and South Korea: Hackers use zero-day in supply-chain attack
2023-11-24 17:28

The attack started with compromising a media outlet's website to embed malicious scripts into an article, allowing for a 'watering hole' attack. State-backed North Korean hacking operations consistently rely on supply chain attacks and the exploitation of zero-day vulnerabilities as part of their cyber warfare tactics.