Security News

Supply chain shortages create a cybersecurity nightmare
2022-02-16 07:15

The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Pausing production until the supply chain is back entirely is not an option.

Your software supply chain is under attack – how are you going to react?
2022-02-15 07:30

This is the sort of situation facing more and more companies, as cybercriminals not only take advantage of existing vulnerabilities in the open-source ecosystem, but actively work to inject their own, giving them the chance to attack supply chains at their leisure. This session, featuring a panel of experts from Immersive Labs, takes you through the decision-making process you would face as you try to protect your own organisation as well as your customers.

The most common cyber gaps threatening supply chain security
2022-02-11 06:15

Panorays has identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed compromised credentials as among the most common issues impacting supply chain security, with 44% of companies affected.

Contextualizing supply chain risks in a SaaS environment
2022-02-07 06:12

In the wake of the SolarWinds and Kaseya attacks, third-party cybersecurity risks remain top of mind for security leaders. Third-party SaaS vendors have permeated every facet of our workflows and enmeshed themselves across enterprise environments.

Supply-Chain Security Is Not a Problem…It’s a Predicament
2022-02-02 19:23

Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. In the late 19th century, many large cities faced an unpleasant predicament due to too much horse manure piling up in the streets.

New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks
2022-02-01 19:56

A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. The India-based company's SureMDM is a cross-platform mobile device management service that allows enterprises to remotely monitor, manage, and secure their fleet of company-owned machines and employee-owned devices.

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox
2022-01-26 19:37

Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do. Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise.

Proactive software supply chain security becoming critical as threats rise
2022-01-26 06:00

The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. Managing software supply chain security is a significant or top focus in 2022.

Over 90 WordPress themes, plugins backdoored in supply chain attack
2022-01-21 15:34

A massive supply chain attack compromised 93 WordPress themes and plugins, planting a backdoor that gives threat actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

Software supply chain attacks jumped over 300% in 2021
2022-01-20 05:00

Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.