4 trends in software supply chain security

Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised. […]

The post 4 trends in software supply chain security appeared first on Security Intelligence.

Continue reading 4 trends in software supply chain security

4 trends in software supply chain security

Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised. […]

The post 4 trends in software supply chain security appeared first on Security Intelligence.

Continue reading 4 trends in software supply chain security

Biden cyber executive order gets mostly plaudits, but its fate is uncertain

At least one key Republican told CyberScoop that he wasn’t happy about the last-minute nature of the EO.

The post Biden cyber executive order gets mostly plaudits, but its fate is uncertain appeared first on CyberScoop.

Continue reading Biden cyber executive order gets mostly plaudits, but its fate is uncertain

Why do software vendors have such deep access into customer systems?

To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business making semiconductors and hardware. No one can go […]

The post Why do software vendors have such deep access into customer systems? appeared first on Security Intelligence.

Continue reading Why do software vendors have such deep access into customer systems?

Only 26% of Europe’s top companies earn a high rating for cybersecurity

With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard. A-rated companies safer from breaches The report high… Continue reading Only 26% of Europe’s top companies earn a high rating for cybersecurity

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.

Lots more details at that link. Also …

Continue reading Ultralytics Supply-Chain Attack

Containers have 600+ vulnerabilities on average

Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to u… Continue reading Containers have 600+ vulnerabilities on average

Evaluating your organization’s application risk management journey

In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust str… Continue reading Evaluating your organization’s application risk management journey