Security News

New SureMDM Vulnerabilities Could Expose Companies to Supply Chain Attacks
2022-02-01 19:56

A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations. The India-based company's SureMDM is a cross-platform mobile device management service that allows enterprises to remotely monitor, manage, and secure their fleet of company-owned machines and employee-owned devices.

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox
2022-01-26 19:37

Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do. Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise.

Proactive software supply chain security becoming critical as threats rise
2022-01-26 06:00

The report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain. Managing software supply chain security a significant or top focus in 2022.

Over 90 WordPress themes, plugins backdoored in supply chain attack
2022-01-21 15:34

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

Software supply chain attacks jumped over 300% in 2021
2022-01-20 05:00

Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.

Supply chain disruptions rose in 2021
2022-01-19 05:00

56% of businesses experienced more supply chain disruptions in 2021 than 2020, a Hubs report reveals. It is increasingly clear that while certain risks are hard to anticipate and difficult to plan for, it is possible to mitigate the effects of supply chain disruptions by establishing a robust and agile supply chain.

Ransomware, supply chain, and deepfakes: The top threats the finance industry needs to prepare for
2022-01-12 06:30

Ransomware attacks used to be limited to a single attack / single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization's files they've encrypted. In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise, with the current trend seeing most of them targeting software companies, with high profile examples including attacks against SolarWinds and Codecov.

JavaScript developer destroys own projects in supply chain “lesson”
2022-01-11 19:54

If you were a user of either of those projects, and if you are inclined to accept any and all updates to your source code automatically without any sort of code review or testing. We've written about security holes suddenly showing up in numerous coding communities, including PHP programmers, Pythonistas, Ruby users, and NPM fans.

Supply chain cybersecurity: Pain or pleasure?
2022-01-07 05:30

While it is common for IT departments to assess the official suppliers that a company might use for areas such as cloud services, it remains a longstanding business challenge to monitor the cybersecurity risks from suppliers across a company's whole supply chain. Cyber attacks have become so advanced that the starting point of an attack is often not the primary target, but the weakest part of the underlying supply chain.

Broward Breach Highlights Healthcare Supply-Chain Problems
2022-01-05 21:09

This week's announcement by Florida's Broward Health System that the most intimate medical data of 1,357,879 of its patients was breached in the fall should serve as a warning that the healthcare software supply chain will be a juicy target for cybercriminals as we head into 2022, researchers warn. As startling as the number of impacted Broward patients may seem, Ron Bradley, vice president of Shared Assessments calls this breach, "Just a drop in the proverbial bucket related to healthcare losses in 2021.".