Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

Mitigate Upstream Risk in your Software with Black Duck Supply Chain Edition | Synopsys

Apr 9, 2024 By Synopsys In Synopsys
In this video, we introduce the new Black Duck Supply Chain Edition, which provides a full range of supply chain security capabilities to teams responsible for building secure, compliant applications. With third-party SBOM import and analysis, malware detection, and export options in SPDX or CycloneDX formats, teams can establish complete supply chain visibility, identify and mitigate risk, and align with customer and industry requirements.
View Video
cyberint

The Weak Link: Recent Supply Chain Attacks Examined

Apr 8, 2024 By Shmuel Gihon In Cyberint
Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.
Read Post
armo

Yet another reason why the xz backdoor is a sneaky b@$tard

Apr 3, 2024 By Ben Hirschberg In ARMO
A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.
Read Post
CrowdStrike

CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know

Apr 2, 2024 By Dumitra Dragos - Amit Serper - Suraj Sahu In CrowdStrike
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.
Read Post
cato networks

XZ Backdoor / RCE (CVE-2024-3094) is the Biggest Supply Chain Attack Since Log4j

Apr 1, 2024 By Vitaly Simonovich In Cato Networks
A severe backdoor has been discovered in XZ Utils versions 5.6.0 and 5.6.1, potentially allowing threat actors to remotely access systems using these versions within SSH implementations. Many major Linux distributions were inadvertently distributing compromised versions. Consult your distribution’s security advisory for specific impact information.
Read Post

The 443 Podcast - Episode 284 - A Bad Month for Software Supply Chains

Apr 1, 2024 By WatchGuard In WatchGuard
This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook's Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
jfrog

The State of Software Supply Chain Security in 2024

Mar 27, 2024 By Sean Pratt In JFrog
In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your supply chain.
Read Post

Understanding Supply Chain Risk - Using SCA to protect your application

Mar 27, 2024 By GitGuardian In GitGuardian
Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception. SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.
View Video
signmycode

What is a Software Bill of Material? SBOM and Supply Chain Security

Mar 26, 2024 By SignMyCode In SignMyCode
SBOM and supply chain security help organizations stay on top of their information security and comply with regulations. In this regard, the SBOM (software bill of materials) can be an instrumentation. Meanwhile, the continually changing digital environment with cyber threats lurking in every corner, as well as the possibility of vulnerabilities, can lead to disasters; knowing the importance of software bill of materials (SBOM) is significant.
Read Post
signmycode

Software Supply Chain Attacks: Notable Examples and Prevention Strategies

Mar 19, 2024 By SignMyCode In SignMyCode
Supply chain attack is a kind of cyberattack which targets the network that is made up of suppliers, vendors, contractors and other business partners that organizations rely on to provide goods and services. As opposed to directly attacking a target organization’s systems or infrastructure, attackers use supply chain vulnerabilities to gain unauthorized access or compromise the integrity of products or services.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.