JavaScript supply chain attacks are a bit like rolling thunder. The boom starts in one location and then reverberates along a path, startling folks, shaking windows, and—if there is a significant enough storm to accompany the thunder—leaving varying degrees of devastation in its wake.
Third-party data breaches are one of the most concerning issues in cybersecurity today. You need your third parties to do business, but you can’t always trust (or verify) that their cybersecurity controls are as strong as they say, no matter how many questionnaires you send out. And of course, cybercriminals know that by hitting vendors rather than every single company separately, they can get the most ill-gotten gains for their effort.
The coronavirus pandemic created new challenges for businesses as they adapt to an operating model in which working from home has become the ‘new normal. In addition, threat actors constantly change their strategies, tools, and techniques. When their attacks become less effective, they look for new weaknesses to expose and move to.
1Password for Linux turns one today. 🎂
Despite years of industry efforts to combat insider threats, malicious behavior can still sometimes be difficult to identify. As organizations work towards building a corporate cyber security culture, many have begun looking into zero-trust architectures to cover as many attack surfaces as possible. This action is a step in the right direction, but it also has the potential to raise fears and generate negative responses from employees.
