Software supply chain security involves safeguarding software components, activities and practices during creation and deployment, including third-party code and interfaces. Explore how organizations can ensure supply chain security and provide proof to
accelerates the speed of the attack, and makes human intervention in the attack less likely. Additionally, a supply chain can continue to yield benefits to attacks as long as the operation remains undetected.
Examples of software supply chain attacks with global reach
Starting in 2012 the industry began to see a marked increase in the number of attacks targeted at software supply chains each year. Like other hacking incidents, a well-executed software supply chain attack can spread...
Supply Chain Attack - The Codecov case | Play by play
This attack concerned software deployment tools, specifically the CI/CD environment. The CI/CD (Continuous Integration / Continuous Deployment) pipeline is a process by which software can be automatically tested before it is automatically ...
When a supply chain attack is targeting your customers’ financial and personal information, it is predominantly JavaScript being compromised. To combat it, your fraud and security teams need control over the behavior of any third party JavaScript code embedded in your web applications. With continuou...
A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain attack. The incident highlights the snowball effect that even one malicious package...
The Recent History of Software Supply Chain Attacks
Whilst the NOBELIUM incident was the latest high profile software supply chain attack, it is far from the first such attack; NotPetya and CCleaner attacks were both high profile software supply chain attack examples. These supply c...
Jason Kent, hacker in residence at application programming interface security startup Cequence Security Inc., told SiliconANGLE that “these new supply chain attacks are becoming increasingly creative and showing that attackers have all the time in the world to attack code, infrastructure, users and wh...
There are plenty more examples, but you get the idea.
Cyber supply chain risk management
Why is the supply chain so popular among attackers? One obvious reason is that it is an ever-expanding attack surface. Businesses, especially in an online world, are interconnected like never before. Mos...
Common Forms of Attack
Malicious software posing as genuine packages routinely shows up in package management software. Two types of supply chain attacks take advantage of modern software’s numerous dependencies: typosquatting and dependency confusion. In both, the assailant uses a variety of tactics...