AT&T agrees to $13 million fine for third-party cloud breach

The Federal Communications Commission has reached a $13 million settlement with AT&T over a January 2023 data breach that was traced to one of its third-party cloud vendors. The breach, which resulted in the theft of information related to more than 8.9 million AT&T Mobility customers, happened through an unnamed company the telecom giant used […]

The post AT&T agrees to $13 million fine for third-party cloud breach appeared first on CyberScoop.

Software Security Firm RunSafe Raises $12 Million in Series B Funding

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.
The post Software Security Firm RunSafe Raises $12 Million in Series B Funding appeared first on SecurityWeek.

How cyber criminals are compromising AI software supply chains

With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important. Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to […]

The post How cyber criminals are compromising AI software supply chains appeared first on Security Intelligence.

Zero trust: How the ‘Jia Tan’ hack complicated open-source software

The volunteers who maintain open-source software have always been knocked around by the tech community. The Jia Tan hack made it all so much worse.

The post Zero trust: How the ‘Jia Tan’ hack complicated open-source software appeared first on CyberScoop.

Misconfigurations and IAM weaknesses top cloud security concerns

Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. Misconfigurations, IAM weakness…

UK Government Announces £32m for AI Projects After Scrapping Funding for Supercomputers

The investment will go into 98 AI projects that will ultimately improve safety on construction sites, reduce train delays, and cut emissions across supply chains.

Sports venues must vet their vendors to maintain security

Sporting events generate a lot of consumer activity, from hotels and restaurants to retail. Large sporting events are held together by webs of connectivity that include vendors, sponsors, employees, and consumers. These networks connect ticketing, merc…

Leaked GitHub Python Token

Here’s a disaster that didn’t happen:

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF).

JFrog discussed what could have happened:

The implications of someone finding this leaked token could be extremely severe. The holder of such a token would have had administrator access to all of Python’s, PyPI’s and Python Software Foundation’s repositories, supposedly making it possible to carry out an extremely large scale supply chain attack…

Compromising the Secure Boot Process

This isn’t good:

On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon/Ryzen2000_4000.git, and it’s not clear when it was taken down…
