Supply Chain

Supply Chain Security Update: How Secure is Composer?

When it comes to PHP, Composer is, without discussion, THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported, which shook the PHP community. Fortunately, it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: the Packagist servers.

Detect and prevent dependency confusion attacks on npm to maintain supply chain security

On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack that exploits misconfiguration by developers, as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.

Anatomy of a Supply Chain Attack: How to Accelerate Incident Response and Threat Hunting

In recent months, we’ve seen a sharp rise in software supply chain attacks that infect legitimate applications to distribute malware to users. SolarWinds, Codecov and Kaseya have all been victims of such attacks, which went on to impact thousands of downstream businesses around the globe. Within minutes of these high-profile attacks making headline news, CEOs often ask: “Should we be concerned? How is it impacting us? What can we do to mitigate risk?”

What is the Digital Supply Chain?

The supply chain for any product has several moving parts. Each activity in the supply chain plays a role in the flow that begins with sourcing a product's raw materials and ends with delivering the finished goods to a customer. As with many other areas of modern business, digital technologies are redefining supply chains. With more technology comes increased cyber risks. This article explains digital supply chains along with their benefits and cybersecurity risks.

Ransom Attacks & Supply Chains: The Soft Underbelly of Secure Enterprise Systems

The Veriato podcast guest for this month is Michael Owens, the Business Information Security Officer at Equifax and an all-around rockstar when it comes to cybersecurity. He joins Dr. Christine Izuakor to discuss how supply chains serve as the "soft underbelly" through which attackers gain access to otherwise secure enterprise systems.

Are We Forever Doomed By Software Supply Chain Risks? Cyber Week Israel 2021, Liran Tal

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.

How to Secure Your Supply Chain

We've talked about supply chain security before, but it's a trend that doesn't appear to be going away - indeed, the number of attacks on service providers only seems to be increasing. Outsourcing is always a strategic risk for any business, but knowing that these attacks are getting more prevalent, what do you need to be doing to make sure your supply chain is secure? We talk about what needs considering to ensure your data isn't compromised by third-party security issues. (Start at 7 mins 33 secs to skip to the 'how to'.)

How Network Segmentation Can Protect Supply Chains from Ransomware Attacks

Organizations can take various steps to protect their operational technology (OT) environments against digital threats, but some stand out more than others. In particular, network segmentation is described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets to coordinate information technology (IT) and OT environments effectively. That doesn’t always happen, however.