Security News

Mandating a Zero-Trust Approach for Software Supply Chains
2021-10-13 13:22

The CISO at JupiterOne discusses software bills of materials and the need for a shift in thinking about securing software supply chains. In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks.

Worldwide supply chains vulnerable as businesses lack visibility into suppliers
2021-10-13 04:30

Companies still not prioritizing their vulnerable supply chains

Only 13% of companies said that third-party cyber risk was NOT a priority, a drop compared to last year, when 22% of companies said that supply chain and third-party cyber risk was not on their radar. Adam Bixler continues: "Budget increases demonstrate that firms are recognising the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it could be. This, tied to the lack of visibility, monitoring and senior-level reporting, underscores a lack of strategy when approaching third-party cyber risk which unfortunately is only going to lead to more breaches."

How to protect your organization from security threats across your supply chain
2021-10-12 13:59

In a survey by BlueVoyant, 97% of respondents said they had been impacted by a security breach that occurred in their supply chain. How do you combat something over which you seemingly have little or no control? A report by cybersecurity provider BlueVoyant looks at supply chain security breaches and offers tips on how to prevent them.

C-level execs confident in their software supply chain security, but challenges remain
2021-09-30 03:30

A survey of C-level executives released by CloudBees reveals high confidence levels in software supply chain security but a limited understanding of the essential components that make a software supply chain secure. Executives overwhelmingly claim their software supply chains are secure or very secure and 93% say they are prepared to deal with an issue such as ransomware or a cyberattack on their supply chain.

Leveraging threat intelligence to tackle supply chain vulnerabilities
2021-09-29 05:00

In this interview with Help Net Security, Brandon Hoffman, CISO at Intel 471, talks about the growing threat of supply chain attacks, the most common supply chain vulnerabilities and how the right threat intelligence can help stay on top of these threats. We are witnessing a growing number of supply chain attacks lately, and cybercriminals are becoming stealthier and smarter.

Here's a fix for open source supply chain attacks
2021-09-23 21:46

TechRepublic contributing writer Jack Wallen is correct that "Open source software has proved itself, time and time and time again, that it is business-grade for a very long time." Sonatype is also correct that supply chain attacks against popular open source software repositories jumped 650% over the last year. Open source keeps growing in popularity, to the tune of 2.2 trillion open source packages pulled from repositories like npmjs and Maven in 2021, according to Sonatype's study.

US agricultural co-op hit by ransomware, expects food supply chain disruption
2021-09-21 09:59

New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soy farmers, has been hit by the BlackMatter ransomware group. The attackers are asking the co-op to pay $5,900,000 for the decryption key and not to release the stolen data.

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk
2021-09-16 11:37

Four Microsoft zero-day vulnerabilities in the Azure cloud platform's Open Management Infrastructure (OMI), a software agent that many don't realize is embedded in a host of services, show that OMI represents a significant security blind spot, researchers said. Though Microsoft patched them this week in its monthly Patch Tuesday raft of updates, their presence in OMI highlights the supply-chain risk that arises when companies unknowingly run exploitable code, particularly open-source code, on their systems, researchers said.

Why open source software supply chain management is worse than you think
2021-09-15 13:00

The seventh annual State of the Software Supply Chain Report from Sonatype found that developers think software management practices are in much better shape than what conditions on the ground indicate. The analysis found that the majority of respondents use an ad hoc approach to software supply chain management for most parts of the process, except for remediation and inventory.

Execs concerned about software supply chain security, but not taking action
2021-09-15 04:00

Venafi announced survey results highlighting the challenges of improving software supply chain security. While 94% of executives believe there should be clear consequences for software vendors that fail to protect the integrity of their software build pipelines, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.