Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In my previous post, I began to list the ways you can strengthen your security posture, with some holistic approaches to application security and the software supply chain. In this second part of the series, let’s look at six more important considerations.

At Ekran System, we take our security and the protection of our partners and customers seriously. Our commitment to delivering the best insider risk management services motivated us to align our own security posture to the current Cyber Essentials standards. We are proud to announce that we have obtained the certification!

Developing applications and working within the software supply chain requires hard skills such as coding and proficiency in programming languages. However, protecting the software supply chain also requires some softer skills and an openness to strategies and tools that will strengthen your security posture. In this two-part series, we will discuss these considerations and how they support a holistic approach to application security and software supply chain security.

Forescout Vedere Labs has identified a total of 21 new vulnerabilities affecting Sierra Wireless AirLink cellular routers and some of its open source components such as TinyXML and OpenNDS, which are used in a variety of other products.

Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage that can be caused by a supply-chain attack. There are a few moving parts here, so here’s a quick summary: Trellance - A provider of solutions and services used by credit unions, and the parent company of FedComp. FedComp - a provider of software and services that enable credit unions to operate around the world.

Recently, the Microsoft Threat Intelligence Team has discovered a supply chain attack executed by North Korean attackers. The prime victim of this attack was CyberLink, a multimedia software company headquartered in Taiwan. This strategic infiltration in the CyberLink infrastructure impacted globally present customers, risking data integrity and confidentiality.

The software supply chain today runs differently than it did just five years ago. The number of available tools, languages, and packages used have exploded. Further, the growing mix of OSS packages puts organizations at risk of outdated software, untracked dependencies, and non-compliant licenses. To add to the chaos, teams are now increasingly distributed and greater in number. All of this dramatically increases the number of inputs within the software supply chain.

The digital ecosystem is an intricate web of interconnected technologies and processes. Within this network, supply chain cybersecurity has emerged as a critical component to safeguard against the growing threat landscape. As supply chains become increasingly digital, they also become more vulnerable to cyber attacks that can disrupt operations and compromise sensitive data.