So, if no suppliers are attack-proof, how can companies respond to supply chain attacks? Reducing the excessive trust organizations give third parties is a good place to start. Implementing a Zero Trust architecture can make a big difference in this area. ...
A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain attack. The incident highlights the snowball effect that even one malicious package...
Software supply chain security involves safeguarding software components, activities and practices during creation and deployment, including third-party code and interfaces. Explore how organizations can ensure supply chain security and provide proof to
A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, ...
The OSC&R (Open Software Supply Chain Attack Reference) is an open source framework used for understanding and evaluating existing threats to the security of the entire software supply chain. OSC&R was created to establish a standard language and structure for comprehending and evaluating the tac...
Securing Open Source: Lessons from the Software Supply Chain Revolution (December 2, 2024); Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future (November 25, 2024); Breathing New Life into a Stagnant AppSec ...
Cybersecurity researchers today disclosed a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved dist...
The full 70-page report provides a detailed account of attacks observed in the wild during a full year of detailed observation and tracing. This is the first such report to outline the precise, systematic methods used to attack container infrastructure, and to highlight supply chain attacks as ...
According to a CrowdStrike report, 45% of surveyed organizations said they experienced at least one software supply chain attack in 2021. In 2023, the average number of SaaS apps used by each company is 130 - a 5x increase compared to 2021. With third-party relationships multiplying at such ...
Supply-chain software firm Blue Yonder suffers ransomware attack (5 days ago, Business); Google proposes new changes to Search in the EU (5 days ago, Enterprise); Open-source champion Kelsey Hightower on the promise of Bluesky (5 days ago, Business)