Supply Chain

Supply Chain | News, how-tos, features, reviews, and videos

Profile photo of a developer / programmer reviewing code on monitors in his workspace.
News Analysis

Malicious package flood on PyPI might be sign of new attacks to come

Profile photo of a developer / programmer reviewing code on monitors in his workspace.
News

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

Africa > Guinea > Conakry > harbor / harbour / shipping containers / cranes
News Analysis

US Maritime Administrator to study port crane cybersecurity concerns

Recently passed legislation might have been spurred by supply chain disruption and surveillance concerns enabled by Chinese-made cranes.

A lost businessman wanders amid conflicting directional signs through the fog.
News Analysis

PyTorch suffers supply chain attack via dependency confusion

A rogue packet on the machine learning framework allowed the attacker to exfiltrate data, including SSH keys.

Binary chain links of data > Blockchain / blockchain security / linked elements
News Analysis

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

teamwork / developers / programmers / collaboration / conversation, discussion, gesturing
News

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

supply chain / virtual network of connections
News

Global companies say supply chain partners expose them to ransomware

A Trend Micro report reveals that 52% of global organizations have a supply chain partner that was hit by ransomware.

supply chain management logistics - ERP - Enterprise Resource Planning
Feature

How Australia and New Zealand CISOs can get ahead of supply chain attacks

With threats on the rise, Australia and New Zealand CISOs are facing the challenge that an attack on one organisation can become a common vulnerability.

programmer certification skills developer devops data scientist laptop by brayden george unsplash
Feature

Breaking down CIS's new software supply chain security guidance

The Center for Internet Security offers best practices for securing each phase of the software supply chain.

assembly / architecture / modular structure / components
Feature

What is an SBOM? Software bill of materials explained

An SBOM is a detailed guide to what's inside your software. It helps vendors and buyers alike keep track of software components for better software supply chain security.

Multi-factor authentication (MFA) / two-factor authentication (2FA) / one-time security code
News Analysis

GitHub to mandate 2FA for all code contributors by 2023

The world’s largest development platform will require all code-contributing users to enroll in two-factor authentication by the end of 2023 to enhance software supply chain security.

data protection / security / risk management / data privacy / GDPR
News

Exiger launches data-agnostic supply chain risk platform

With supply chain risks abounding, extra visibility into potential problems could stand manufacturers in good stead.

Two developers collaborate on a project as they review code on a display in their workspace.
News

Anchore Enterprise software SCM platform adds SBOM capabilities

The new release of Anchore's software SCM (supply chain management) platform generates an SBOM (software bill of materials) for individual builds and steps in a development cycle, automatically triggering alerts for possible...

wind turbines energy utilities innovation alternative energy by anna jimenez calaf unsplash
News

Fortress creates center for security information on energy suppliers

Vendor library offers means to bolster supply-chain security through data sharing and communication.

Tech Spotlight > Cybersecurity [CSO] > Hands gesture in conversation
News

HackerOne calls for end of security by obscurity

The bug hunting platform offers a proposal for greater corporate cybersecurity responsibility and transparency.

supply chain / virtual network of connections
Feature

3 steps to supply chain resilience

Malicious actors are targeting your third- and fourth-party vendors, causing supply chain disruption and risk to your own network. Mitigate that risk by taking these actions.

Russian hammer and sickle / binary code
News Analysis

Russian cyberspies target cloud services providers and resellers to abuse delegated access

A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.

API security alert / software development / application flow chart diagram
News Analysis

Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

Researchers at Splunk outline a technique, pioneered by Salesforce, that could detect malicious activity in the software supply chain, but with some limitations.

Digital fingerprints are virtually connected. [tracking / identity / genetics / data privacy]
News

Supply-chain attack on Kaseya remote management software targets MSPs

REvil ransomware pushers exploit zero-day flaw in Kaseya VSA to infect MSPs and their customers.

tc vcmar hudson
video

Securing the software supply chain: A structured approach

Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue to expand the attack surface, and...

Load More
You Might Also Like
Most Popular