Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

upguard

The Biggest Security Risks in Your Supply Chain in 2022

Apr 3, 2022 By Edward Kost In UpGuard

The SolarWinds supply chain attack highlighted how vulnerable supply chains are to cyberattacks. Supply chain risk mitigation has since become an essential component of risk management strategies and information security programs. To support the success of this effort, we’ve listed the top 4 supply chain security risks you need to be aware of in 2022.

Read Post
mend

Automated Software Supply Chain Attacks: Should You be Worried?

Apr 1, 2022 By Tamir Ben Ari In Mend

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.

Read Post

How to Mitigate Risks in Software Supply Chain Security

Mar 24, 2022 By Snyk In Snyk
In this session, Mic McCully and Jake Williams explore the software supply chain as an attack vector – by identifying risks and mitigation strategies throughout the software development processes and environment. Watch this to learn how you can meet new requirements and protect your software from these attacks. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video
Trustwave

Trustwave's Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain

Mar 23, 2022 By Trustwave In Trustwave

Trustwave is actively tracking the threat of Lapsus$ for our clients. We encourage all organizations, especially those part of the digital supply chain, to remain vigilant and ensure that cyber best practices are implemented. We are actively investigating all unusual login behaviors for clients that use Okta. For more information on the Okta incident, please visit their blog. Trustwave does not use Okta. Actionable security recommendations for organizations can be found below.

Read Post
synopsys

How to cybersecurity: Software supply chain security is much bigger than you think

Mar 21, 2022 By Jonathan Knudsen In Synopsys
Managing the risks of your software supply chain requires more than a basic understanding of the software components that make up your applications. My wife and I have four children, which means we’ve done a ton of shopping at Costco over the years. First it was diapers, then cereal, then every other kind of food, all of which provided significant savings for our family of six.
Read Post
Snyk

Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine

Mar 16, 2022 By Liran Tal In Snyk

On March 15, 2022, users of the popular Vue.js frontend JavaScript framework started experiencing what can only be described as a supply chain attack impacting the npm ecosystem. This was the result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest by the maintainer of the node-ipc package.

Read Post
Snyk

Build a software bill of materials (SBOM) for open source supply chain security

Mar 14, 2022 By Liran Tal In Snyk

More than ever, developers are building web applications on the foundations of open source software libraries. However, while those libraries make up the software bill of materials (SBOM) components inventory, not all developers and business stakeholders understand the significant impact on open source supply chain security that stems from including 3rd party libraries.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.