Supply Chain

Current Cyber Security Trends Pt1

As we pass the halfway point of 2022, it’s worth taking a look at the current trends which have been present within the cyber security world and what to look out for in the future. Being aware of trends allows organisations to plan for the future and put processes or defences in place before they’re required.

Supply Chain Cybersecurity - the importance of everyone

This week, I spoke with a new client who told me all about how they are looking forward to addressing a number of internal issues surrounding their IT systems. They explained that over the last 12 months, they repeatedly had issues of delays in service and outages, which had affected their business. Discussing this further, I explored their relationship with the supplier and asked what due diligence they had performed prior to working with them.

Synopsys and ESG report points to prevalence of software supply chain risks

New research shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks like Log4Shell, SolarWinds, and Kaseya. Today, the Enterprise Strategy Group (ESG) released “Walking the Line: GitOps and Shift Left Security,” a multiclient developer security research report examining the current state of application security.

CyRC Vulnerability Analysis: Repo jacking in the software supply chain

Repo jacking is often the first step in a supply chain attack. Learn the security methods and tools used to help protect your organization. In recent months, an increasingly prevalent threat to open source repositories has been observed in the rising number of cases of repository hijacking, or repo jacking for short.

Dissecting Supply Chain Attacks: A Report on a Growing Sensitive Data Exposure Vector

Third-party risk has always been a concern for organizations, but since COVID and the rise of remote work, we’ve seen a dramatic acceleration in campaigns leveraging software supply chain attacks. Not just through open source vulnerabilities, but through closed source applications and services as well. To adapt to this new normal, it’s important to develop an understanding of supply chain attacks and protect yourself from them.

Testing resiliency against malicious package attacks: a double-edged sword?

The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from.

5 Common blind spots that make you vulnerable to supply chain attacks

Over the past several years, hackers have gone from targeting only companies to also targeting their supply chain. One area of particular vulnerability is company software supply chains, which are becoming an increasingly common method of gaining access to valuable business information. A study by Gartner predicted that by 2025, 45% of companies will have experienced a supply chain attack.

RKVST (Jitsuin) SCITT Demo from 2019

Supply Chain Integrity, Transparency, and Trust... all in one platform. A little throw-back here...all the way to 2019! SCITT is a hot area right now in 2022, but this is what we've been doing since the beginning. We were even still called Jitsuin :-) This is a very quick run-through of how making supply chain evidence available to all authorised partners in a supply chain as quickly as possible, with Provenance, Governance, and Immutability guarantees, can boost trust, reduce risk, and speed operations.

What is SCITT and how does RKVST help?

SCITT in the information security context stands for “Supply Chain Integrity, Transparency, and Trust”. It’s a relatively young discipline and the dust is still settling over its scope and definition but the core is very simple: risk vests in the operator of equipment, but it originates at every point in the supply chain.

NIST updates guidance on supply chain risk

The National Institute of Standards and Technology (NIST) recently updated its guidance to offer support for key practices and approaches involved in successful cyber security supply chain risk management (C-SCRM). In this blog post, we provide an overview of the update and what it means for organisations.