Google Teams Up With GitHub for Supply Chain Security
Google has teamed up with GitHub for a solution that should help prevent software supply chain attacks such as the ones that affected SolarWinds...
Tagged: Chain
FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks
The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen...
15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack,...
A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages
A threat actor dubbed “RED-LILI” has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly...
Audits / Cloud Security / Compliance / Cyberwarfare / Data Protection / Disaster Recovery / Email Security / Endpoint Security / Fraud & Identity Theft / Incident Response / Malware / Network Security / NEWS & INDUSTRY / Phishing / Risk Management / Security Architecture / Virus & Malware / Vulnerabilities
Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of “hundreds of malicious...
Watch on Demand: Supply Chain Security Summit & Expo (Virtual)
We’re excited that all sessions from SecurityWeek’s 2022 Supply Chain Security Summit & Virtual Expo are now available to watch on demand. In the wake...
Application Security / Audits / Cloud Security / Compliance / Data Protection / Email Security / Endpoint Security / Identity & Access / Mobile Security / Network Security / NEWS & INDUSTRY / Privacy / Risk Management / Tracking & Law Enforcement / Virus & Malware / Vulnerabilities / Wireless Security
‘Secrets Sprawl’ Haunts Software Supply Chain Security
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of valuable corporate secrets —...
Application Security / Audits / Cloud Security / Compliance / Cyberwarfare / Data Protection / Disaster Recovery / Email Security / Endpoint Security / Identity & Access / Malware / Network Security / NEWS & INDUSTRY / Privacy / Risk Management / Security Architecture / Virus & Malware / Vulnerabilities
Software Supply Chain Weakness: Snyk Warns of ‘Deliberate Sabotage’ of NPM Ecosystem
Software supply chain security fears escalated again this week with the discovery of what’s being described as “deliberate sabotage” of code in the open-source...
Critical “Access:7” Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices
As many as seven security vulnerabilities have been disclosed in PTC’s Axeda software that could be weaponized to gain unauthorized access to medical and...
Chinese Hackers Target Taiwan’s Financial Trading Sector with Supply Chain Attack
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on...