Security News

Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. In the late 19th century, many large cities faced an unpleasant predicament due to too much horse manure piling up in the streets.

A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. The India-based company's SureMDM is a cross-platform mobile device management service that allows enterprises to remotely monitor, manage, and secure their fleet of company-owned machines and employee-owned devices.

Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do. Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise.

The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. Managing software supply chain security a significant or top focus in 2022.

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.

56% of businesses experienced more supply chain disruptions in 2021 than 2020, a Hubs report reveals. It is increasingly clear that while certain risks are hard to anticipate and difficult to plan for, it is possible to mitigate the effects of supply chain disruptions by establishing a robust and agile supply chain.

Ransomware attacks used to be limited to a single attack / single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization's files they've encrypted. In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise, with the current trend seeing most of them targeting software companies, with high profile examples including attacks against SolarWinds and Codecov.

If you were a user of either of those projects, and if you are inclined to accept any and all updates to your source code automatically without any sort of code review or testing. We've written about security holes suddenly showing up in numerous coding communities, including PHP programmers, Pythonistas, Ruby users, and NPM fans.

While it is common for IT departments to assess the official suppliers that a company might use for areas such as cloud services, it remains a longstanding business challenge to monitor the cybersecurity risks from suppliers across a company's whole supply chain. Cyber attacks have become so advanced that the starting point of an attack is often not the primary target, but the weakest part of the underlying supply chain.