Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

SecurityScorecard

How SecurityScorecard's Supply Chain Detection and Response Protects Financial Institutions

Dec 12, 2024 By SecurityScorecard In SecurityScorecard
As financial institutions continue to expand their digital ecosystems, the growing reliance on third-party vendors and service providers introduces significant cyber risks. With a majority of data breaches linked to vulnerabilities in the supply chain, managing these risks has become a necessity.
Read Post
gitguardian

The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian's Public Monitoring Data

Dec 11, 2024 By Guillaume Valadon In GitGuardian
On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s data in understanding supply chain attacks.
Read Post
Snyk

Ultralytics AI Pwn Request Supply Chain Attack

Dec 11, 2024 By Stephen Thoemmes In Snyk
The ultralytics supply chain attack occurred in two distinct phases between December 4-7, 2024. In the first phase, two malicious versions were published to PyPI: version 8.3.41 was released on December 4 at 20:51 UTC and remained available for approximately 12 hours until its removal on December 5 at 09:15 UTC. Version 8.3.42 was published shortly after on December 5 at 12:47 UTC and was available for about one hour before removal at 13:47 UTC.
Read Post
mend

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Dec 5, 2024 By Tom Abai In Mend
On December 2, 2024, the Solana community faced a significant security incident involving the @solana/web3.js npm package, a critical library for developers building on the Solana blockchain with over 450K weekly downloads. This blog post aims to break down the attack flow, explore how it happened, and discuss the importance of supply chain security.
Read Post
ciso global

The Global Effort to Maintain Supply Chain Security | Part Two

Nov 7, 2024 By Various Cybersecurity Experts In CISO Global
A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory—every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are available, and you don’t want to secure your supply chain without knowing what’s in your digital inventory.
Read Post
upguard

What is Cyber Supply Chain Risk Management?

Oct 31, 2024 By Edward Kost In UpGuard
Cyber supply chain risk management (C-SCRM) is the process of identifying, assessing, and mitigating cybersecurity risks associated with an organization’s supply chain. Supply chains comprise multiple attack vectors, ranging from procurement tools to suppliers, developers, and third-party services. The complexity of this attack surface warrants a risk management strategy focused on supply chain risks as an extension to an existing third-party risk management program.
Read Post
Featured Post
cycognito

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito
The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.
Read Post

How to Easily Generate An Accurate SBOM with Black Duck SCA | Black Duck

Oct 17, 2024 By Synopsys In Synopsys
Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Watch the video to streamline your SBOM generation process and take control of your software supply chain. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain.
View Video
Featured Post
bluevoyant

The Role of Cyber Security in Building Supply Chain Resilience and Efficiency

Oct 16, 2024 By Lorri Janssen-Anessi, Director of External Cyber Assessments In BlueVoyant
The COVID-19 pandemic exposed significant vulnerabilities in global supply chains. With technology companies scrambling to respond to unprecedented disruptions, it became clear that traditional supply chain models were no longer sufficient. When we look back on the supply chain crisis before and during the pandemic, it is easy to identify the areas of improvement because we now have so much more information and the benefit of hindsight, but during the crisis, it was extremely challenging to find immediate ad-hoc solutions, which clearly illuminated a lack of contingency planning.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.