Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

tripwire

Defending Against Supply Chain Spoofing in Critical Manufacturing

Apr 30, 2024 By Isla Sibanda In Tripwire
Supply chain attacks are a serious and growing threat to businesses across all industries. However, these attacks pose an even greater risk for manufacturers in critical infrastructure sectors. One pernicious form of supply chain attack is spoofing, where attackers impersonate legitimate suppliers to sneak malicious code or components into products. Research shows that 2023 had the highest number (2769 in the US alone) of entities affected by supply chain spoofing.
Read Post
ionix

Preventing Magecart Attacks Through Supply Chain Vulnerabilities

Apr 30, 2024 By Nethanel Gelernter April 30th, 2024 In IONIX
The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.
Read Post

Securing the Supply Chain - Automating our Way Out of Security Whack-a-Mole

Apr 26, 2024 By GitGuardian In GitGuardian
Open-source components forever changed how we build software, but they are also a prominent security threat, nothing illustrated this better than the recent XZ library incident where the world narrowly avoided a massive supply chain attack. Join Gene Gotimer and Mackenzie Jackson to discuss how we can keep our open-source supply chains secure as we discuss: Security implications of vulnerable open-source components How using automation can help us move toward a secure supply chain How to discover and detect vulnerable components.
View Video
bitsight

Championing Supply Chain Cybersecurity Amid Evolving Regulations-A New CISO Imperative

Apr 18, 2024 By Sabrina Pagnotta In BitSight
Supply chain cybersecurity and resilience have become pivotal across various cyber regulations, most notably NIS2 and DORA. In this blog, stemming from our latest ebook '5 Proven Strategies to Maximize Supply Chain Cyber Risk Management’, we will explore the reasons why resilience is a new mandate for CISOs today and, most importantly, how to secure the supply chain at scale—in line with evolving regulatory requirements.
Read Post
tripwire

Supply Chain Cybersecurity - the importance of everyone

Apr 18, 2024 By Gary Hibberd In Tripwire
I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier – essentially, how was their supply chain cybersecurity? - their response was not only worrying but, unfortunately, quite typical.
Read Post
securitysenses

Many industries could benefit from the advantages of blockchain

Apr 12, 2024 By SecuritySenses In SecuritySenses
Blockchain technology has been a subject of discussion for some quite already but now has begun to be used in several industries, as it brings plenty of advantages. The widespread use of blockchain has happened due to the extraordinary features that can potentially solve numerous complications businesses face in their operations.
Read Post
Arctic Wolf

Beyond Sisense: Navigating the Rising Tide of Supply Chain Attacks

Apr 12, 2024 By Dan Schiappa In Arctic Wolf
Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as their target of attack. On Thursday, April 11, the Cybersecurity & Infrastructure Agency (CISA) warned customers of Sisense, a company that provides data analytics services to thousands of international companies, that they should reset their credentials for Sisense services and look out for suspicious activity involving their services.
Read Post
synopsys

Securing the software supply chain with Black Duck Supply Chain Edition

Apr 9, 2024 By Mike McGuire In Synopsys
Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.
Read Post

Mitigate Upstream Risk in your Software with Black Duck Supply Chain Edition | Synopsys

Apr 9, 2024 By Synopsys In Synopsys
In this video, we introduce the new Black Duck Supply Chain Edition, which provides a full range of supply chain security capabilities to teams responsible for building secure, compliant applications. With third-party SBOM import and analysis, malware detection, and export options in SPDX or CycloneDX formats, teams can establish complete supply chain visibility, identify and mitigate risk, and align with customer and industry requirements.
View Video
cyberint

The Weak Link: Recent Supply Chain Attacks Examined

Apr 8, 2024 By Shmuel Gihon In Cyberint
Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.
Read Post
Subscribe to Supply Chain

Copyright © 2024 OpsMatters™. All rights reserved.