Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

armo

Yet another reason why the xz backdoor is a sneaky b@$tard

Apr 3, 2024 By Ben Hirschberg In ARMO
A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.
Read Post
CrowdStrike

CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know

Apr 2, 2024 By Dumitra Dragos - Amit Serper - Suraj Sahu In CrowdStrike
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.
Read Post
cato networks

XZ Backdoor / RCE (CVE-2024-3094) is the Biggest Supply Chain Attack Since Log4j

Apr 1, 2024 By Vitaly Simonovich In Cato Networks
A severe backdoor has been discovered in XZ Utils versions 5.6.0 and 5.6.1, potentially allowing threat actors to remotely access systems using these versions within SSH implementations. Many major Linux distributions were inadvertently distributing compromised versions. Consult your distribution’s security advisory for specific impact information.
Read Post

The 443 Podcast - Episode 284 - A Bad Month for Software Supply Chains

Apr 1, 2024 By WatchGuard In WatchGuard
This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
jfrog

The State of Software Supply Chain Security in 2024

Mar 27, 2024 By Sean Pratt In JFrog
In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your supply chain.
Read Post

Understanding Supply Chain Risk - Using SCA to protect your application

Mar 27, 2024 By GitGuardian In GitGuardian
Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception. SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.
View Video
signmycode

What is a Software Bill of Material? SBOM and Supply Chain Security

Mar 26, 2024 By SignMyCode In SignMyCode
SBOM and supply chain security help organizations stay on top of their information security and comply with regulations. In this regard, the SBOM (software bill of materials) can be an instrumentation. Meanwhile, the continually changing digital environment with cyber threats lurking in every corner, as well as the possibility of vulnerabilities, can lead to disasters; knowing the importance of software bill of materials (SBOM) is significant.
Read Post
tripwire

Critical insights into Australia's supply chain risk landscape

Mar 19, 2024 By Anirudh Chand In Tripwire
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies. From July to December 2023, 483 data breaches were reported to the Australian Information Commissioner (OAIC), up 19% from 407 between January and June of the same year.
Read Post
signmycode

Software Supply Chain Attacks: Notable Examples and Prevention Strategies

Mar 19, 2024 By SignMyCode In SignMyCode
Supply chain attack is a kind of cyberattack which targets the network that is made up of suppliers, vendors, contractors and other business partners that organizations rely on to provide goods and services. As opposed to directly attacking a target organization’s systems or infrastructure, attackers use supply chain vulnerabilities to gain unauthorized access or compromise the integrity of products or services.
Read Post
veracode

A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape

Mar 13, 2024 By Chris Wysopal In Veracode
The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it’s becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks.
Read Post
Subscribe to Supply Chain

Copyright © 2024 OpsMatters™. All rights reserved.