Supply Chain
Supply Chain | News, how-tos, features, reviews, and videos
Anchore Enterprise software SCM platform adds SBOM capabilities
The new release of Anchore's software SCM (supply chain management) platform generates an SBOM (software bill of materials) for individual builds and steps in a development cycle, automatically triggering alerts for possible...
Fortress creates center for security information on energy suppliers
Vendor library offers means to bolster supply-chain security through data sharing and communication.
HackerOne calls for end of security by obscurity
The bug hunting platform offers a proposal for greater corporate cybersecurity responsibility and transparency.
3 steps to supply chain resilience
Malicious actors are targeting your third- and fourth-party vendors, causing supply chain disruption and risk to your own network. Mitigate that risk by taking these actions.
Russian cyberspies target cloud services providers and resellers to abuse delegated access
A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.
Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises
Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.
Supply-chain attack on Kaseya remote management software targets MSPs
REvil ransomware pushers exploit zero-day flaw in Kaseya VSA to infect MSPs and their customers.
Securing the software supply chain: A structured approach
Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue to expand the attack surface, and...
GAO calls out US government agencies: Get your supply chain security act together
The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.
6 most common types of software supply chain attacks explained
Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.
Lessons from the SolarWinds attack on securing the software supply chain
The SolarWinds breach represents a tectonic shift in threat actor tactics, suggesting this kind of attack vector will be replicated. Not only were the attacker’s sophistication and technical proficiency high -- allowing them to stay...
CISA issues guidance on defending against software supply chain attacks
The government makes recommendations for both organizations and software vendors to minimize the risk of software compromised by a criminal or foreign adversary.
5 questions CISOs should be able to answer about software supply chain attacks
The SolarWinds attack put a spotlight on the threats that compromised third-party software presents to organizations. Here are the top questions executive management, boards and partners are asking CISOs about their preparedness.
Tech Primer
What it takes to become an information assurance analyst
This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...
Tech Primer
Fraud prevention: Improving internal controls
Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.
Tech Primer
How to write an information security policy
Learn the critical first step, why consensus is key, what to cover and how to make your information security policy — and program — effective.
Tech Primer
Red team versus blue team: How to run an effective simulation
Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.
Tech Primer
How to survive (and thrive) in the CISO hot seat
The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.