This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS. The issue threatened the security, integrity, and availability of the wider supply chain.

UK Government to Step Up Supply Chain Security following US Presidential Executive Order on Cybersecurity

Threat actors are increasingly targeting mission-critical organizations in both ransomware attacks and novel supply-chain attacks. Whether by exploiting known vulnerabilities or taking advantage of other weaknesses in the ecosystem, the UK governm…

Biden’s Executive Order on Improving National Cyber Defense: Everything You Need to Know You Learned in Kindergarten

On May 12, 2021, the Biden Administration issued its much anticipated Executive Order (EO) on Improving the Nation’s Cybersecurity.

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

In my years of experience supporting the federal government in different capacities, I have seen the evolution of attack methods match the pace of innovation as our information systems become even more advanced. No matter the state of the technolo…

What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

Last week, software testing firm Codecov disclosed a noteworthy security incident that gained the attention of U.S. federal government investigators.

Securing Software Supply Chains and Dependency Confusion – An Industry Perspective

Following a growing trend in software supply chain attacks which use “dependency or namespace confusion” techniques, I sat down for a discussion on software supply chain security with a few experts on the topic.

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

If you didn’t know what a software supply chain was – let alone a software supply chain attack – you do now. As someone who’s been researching, studying and talking about this attack vector for the past seven years, the malicious attack on SolarWi…

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in its advanced capa…

Turkish Banking Agency Mandates Better Software Supply Chain Hygiene

Today, application attacks and breaches are often the result of easily exploited – and easily rectified – open source vulnerabilities. While we hope companies would self-regulate their cybersecurity hygiene in our software driven world, daily brea…