Security News

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

Digital supply chain risk a new security threat for 2022. Gartner has identified digital supply chain risk as a new security threat and one of its top seven security and risk management trends for 2022.

The global digital supply chain market was pegged at $3.91 billion in 2020, and is expected to reach $13.67 billion by 2030, growing at a CAGR of 13.2% from 2021 to 2030, according to Allied Market Research. Increase in demand for reliable, fast, and effective order execution, rise in demand for cloud-based supply chain management solutions, and improved use of industrial-grade digital technology drive the growth of the global digital supply chain market.

An advanced persistent threat group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The second wave of attacks hit a peak between February 10 and 13, 2022, according to a new report published by Taiwanese cybersecurity firm CyCraft, which said the wide-ranging supply chain compromise specifically targeted the software systems of financial institutions, resulting in "Abnormal cases of placing orders."

ActiveState announced the results of its survey, providing insights into the security challenges of the software industry's open source supply chain, which includes the security of open source components, as well as the security and integrity of key software development processes. The results point to the fact that software supply chain security is still in its infancy.

Supply chain security is no easy task, and no single entity has end-to-end control. One company, stage, or process with insufficient security makes the entire chain more vulnerable to hackers and can open up a huge amount of risk when we consider the size and value of global chains that span many countries.

The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Pausing production until the supply chain is back entirely is not an option.

This is the sort of situation facing more and more companies, as cybercriminals not only take advantage of existing vulnerabilities in the open-source ecosystem, but actively work to inject their own, giving them the chance to attack supply chains at their leisure. This session, featuring a panel of experts from Immersive Labs, takes you through the decision-making process you would face as you try to protect your own organisation as well your customers.

Panorays has identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed compromised credentials as among the most common issues impacting supply chain security, with 44% of companies affected.

In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. Third-party SaaS vendors have permeated every facet of our workflows and enmeshed itself across enterprise environments.