Collaborate Disseminate
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
Continue reading Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
Join the virtual event as we explore of the critical nature of software and vendor supply chain security issues.
The post Watch on Demand: Supply Chain & Third-Party Risk Security Summit appeared first on SecurityWeek.
Continue reading Watch on Demand: Supply Chain & Third-Party Risk Security Summit
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.
Continue reading 100 Car Dealerships Hit by Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
Continue reading Popular GitHub Action Targeted in Supply Chain Attack
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.
Continue reading UK Government Report Calls for Stronger Open Source Supply Chain Security Practices
Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised. […]
The post 4 trends in software supply chain security appeared first on Security Intelligence.
Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised. […]
The post 4 trends in software supply chain security appeared first on Security Intelligence.
Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.
The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek.
Continue reading Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST
At least one key Republican told CyberScoop that he wasn’t happy about the last-minute nature of the EO.
The post Biden cyber executive order gets mostly plaudits, but its fate is uncertain appeared first on CyberScoop.
Continue reading Biden cyber executive order gets mostly plaudits, but its fate is uncertain
To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business making semiconductors and hardware. No one can go […]
The post Why do software vendors have such deep access into customer systems? appeared first on Security Intelligence.
Continue reading Why do software vendors have such deep access into customer systems?