Collaborate Disseminate
Defense contractors hold information that’s vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance to keep those secrets safe. Nation-state hackers are actively and specifically t… Continue reading Federal defense contractors are not properly securing military secrets
As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well as third-party service providers, software supply chain… Continue reading How to assess and mitigate complex supply chain risks
FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised. How the attackers c… Continue reading Attackers mount Magento supply chain attack by compromising FishPig extensions
As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well as third-party service providers, software supply chain… Continue reading Supply chain risk is a top security priority as confidence in partners wanes
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that some maintainers of legitimate projects have been compromised, and malware pub… Continue reading Phishing PyPI users: Attackers compromise legitimate projects to push malware
Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint stud… Continue reading How vulnerable supply chains threaten cloud security
Supply chain attacks are on the rise, and many organizations seem unsure on how to respond to the threat, but I’m here to tell you that there are several steps you can take to minimize your risk of being involved in a supply chain breach. These are the… Continue reading How to minimize your exposure to supply chain attacks
The shift to cloud-native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex, according to recent … Continue reading Now is the time to focus on software supply chain security improvements
Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before. In January 2022, the number of business email compromise (BEC) attacks impersonating … Continue reading Threat actors increasingly use third parties to run their scams
There have been more than 200 dedicated supply chain attacks over the past decade. Some of these campaigns have affected countless supplier networks and millions of customers – SolarWinds, Kaseya and the recent Log4j debacle come to mind. But giv… Continue reading How the blurring of the “supply chain” opens your doors to attackers—and how you can close them