What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

After ten months of research which involved studying 36,000 open source software projects, 12,000 enterprise development teams, and 3.7 million open source releases, we are pleased to announce the arrival of the 2019 State of the Software Supply C…

In the Dark About Supply Chain Vulnerabilities

The software supply chain can create a seemingly endless attack surface. Here’s what you can do to better protect it. Is the “Barium” hacking collective Chinese? Russian? North Korean? It really doesn’t matter. What we know for sure is that thei…

Attack inception: Compromised supply chain within a supply chain poses new risks

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF edito…

Yet Another WordPress Extension Changes Owner and Gets Backdoored

A WordPress plug-in called Captcha with more than 300,000 active installations contained a backdoor that allowed its maintainer to gain unauthorized administrative access to other people’s websites. The plug-in was apparently backdoored after its…

Three Thirds of Enterprise Applications Have at Least One Vulnerability

Security firm Veracode has released its annual report on the state of software security and it paints a bleak picture: 77 percent of enterprise applications assessed for the first time had at least one vulnerability and 88 percent of Java applications had at least one vulnerability inherited from a third-party open source component. The report’s…
