Supply Chain Security

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

2024-01-16 16:16, by Ryan Naraine (SecurityWeek). Quarkslab finds serious, remotely exploitable vulnerabilities in the PXE network boot code of EDK II, the de facto open source reference implementation of the UEFI specification.

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

2024-01-12 14:31, by Ionut Arghire (SecurityWeek). Researchers detail a CI/CD attack that could have compromised PyTorch releases via GitHub Actions self-hosted runners.

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

2024-01-08 15:46, by Ionut Arghire (SecurityWeek). Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

2023-12-18 17:16, by Ionut Arghire (SecurityWeek). NSA has published guidance to help organizations incorporate SBOMs to mitigate supply chain risks.

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

2023-12-14 14:35, by Ionut Arghire (SecurityWeek). US, UK, and Poland warn of a Russia-linked cyberespionage group’s broad exploitation of a recent TeamCity vulnerability.

North Korean Software Supply Chain Attack Hits North America, Asia

2023-11-24 15:46, by Eduard Kovacs (SecurityWeek). North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

2023-11-22 20:31, by Ryan Naraine (SecurityWeek). Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
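The Aqua finding above concerns Secret manifests and kubeconfig files that ended up publicly reachable. As an added example (written for this page, not Aqua's tooling), and assuming the exposed material is a `kubectl get secrets -A -o json`-style export, the script below shows why such exposure is immediately exploitable: Secret `data` is only base64-encoded, not encrypted, so a reader recovers registry logins, database passwords and service-account tokens directly. All names, hosts and credentials in it are constructed and fake.

```python
"""Audit an exported set of Kubernetes Secret objects and show what an
attacker gets from such an export: Secret data is base64-encoded, not
encrypted, so registry logins, passwords and service-account tokens come out
in the clear.  Added example; the export, hosts and credentials below are
constructed and fake."""
import base64
import binascii
import json
from typing import Dict, List, Tuple


def b64(text: str) -> str:
    """Encode text the way Secret .data values are stored."""
    return base64.b64encode(text.encode()).decode()


# Constructed `kubectl get secrets -A -o json`-style export (fake credentials).
EXPORTED_SECRETS = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"kind": "Secret", "metadata": {"name": "regcred", "namespace": "ci"},
         "type": "kubernetes.io/dockerconfigjson",
         "data": {".dockerconfigjson": b64(json.dumps({"auths": {
             "registry.example.internal": {"auth": b64("deploybot:fake-registry-password")}}}))}},
        {"kind": "Secret", "metadata": {"name": "app-config", "namespace": "prod"},
         "type": "Opaque",
         "data": {"DB_PASSWORD": b64("fake-db-password"), "LOG_LEVEL": b64("info")}},
        {"kind": "Secret", "metadata": {"name": "sa-token", "namespace": "default"},
         "type": "kubernetes.io/service-account-token",
         "data": {"token": b64("fake.jwt.token"), "namespace": b64("default")}},
    ],
})

# Heuristic key-name hints for Opaque secrets (assumption, tune per environment).
SENSITIVE_KEY_HINTS = ("password", "passwd", "secret", "token", "key", "credential")


def decode_secret_data(secret: dict) -> Dict[str, str]:
    """Base64-decode every .data value; undecodable values are marked, not dropped."""
    decoded = {}
    for key, value in secret.get("data", {}).items():
        try:
            decoded[key] = base64.b64decode(value, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            decoded[key] = "<undecodable>"
    return decoded


def registry_credentials(decoded: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pull (registry, username) pairs out of a decoded .dockerconfigjson.
    The 'auth' field is base64('user:password'); the password is deliberately
    not returned, the username and host are enough to prove the exposure."""
    found = []
    cfg = json.loads(decoded.get(".dockerconfigjson", "{}"))
    for registry, entry in cfg.get("auths", {}).items():
        user = entry.get("username")
        if not user and "auth" in entry:
            user = base64.b64decode(entry["auth"]).decode("utf-8", "replace").split(":", 1)[0]
        found.append((registry, user or "<unknown>"))
    return found


def audit_exported_secrets(export_text: str) -> List[dict]:
    """Return one finding per credential-bearing entry in the export."""
    findings = []
    for item in json.loads(export_text).get("items", []):
        if item.get("kind") != "Secret":
            continue
        meta = item.get("metadata", {})
        ref = f"{meta.get('namespace', '?')}/{meta.get('name', '?')}"
        decoded = decode_secret_data(item)
        stype = item.get("type", "Opaque")
        if stype == "kubernetes.io/dockerconfigjson":
            for registry, user in registry_credentials(decoded):
                findings.append({"secret": ref, "finding": "registry-credential",
                                 "detail": f"{user}@{registry}"})
        elif stype == "kubernetes.io/service-account-token":
            findings.append({"secret": ref, "finding": "service-account-token",
                             "detail": f"namespace {decoded.get('namespace', '?')}"})
        else:
            for key in decoded:
                if any(hint in key.lower() for hint in SENSITIVE_KEY_HINTS):
                    findings.append({"secret": ref, "finding": "sensitive-key", "detail": key})
    return findings


if __name__ == "__main__":
    for f in audit_exported_secrets(EXPORTED_SECRETS):
        print(f"{f['finding']:24} {f['secret']:20} {f['detail']}")
```

The report deliberately prints usernames, hosts and key names rather than the decoded values, which is the form such a finding should take when it is filed; the registry credential found this way is exactly the foothold the article warns about, since it lets an attacker push a modified image that the cluster will later pull.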

US Government Issues Guidance on SBOM Consumption

2023-11-10 15:01, by Ionut Arghire (SecurityWeek). CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness of software security.
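Both this entry and the NSA SBOM guidance entry above are about consuming an SBOM rather than producing one. As an added illustration of what that means in practice (example code written for this page, not tooling from NSA, CISA or ODNI), the script below parses a CycloneDX JSON SBOM, resolves each component's Package URL, matches it against a vulnerability list, and flags components shipped without an integrity hash or without an identity that can be matched at all. The SBOM contents, package names and advisory identifiers are constructed for the example and are not real advisories.

```python
"""Consume a CycloneDX JSON SBOM: resolve each component's Package URL (purl),
match it against a vulnerability list, and flag components that ship without
an integrity hash.  Added example; the SBOM and advisory data are constructed
(hypothetical package names and advisory IDs, not real advisories)."""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.5 document: real top-level keys, illustrative contents.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0",
     "hashes": [{"alg": "SHA-256", "content": "0123abcd"}]},
    {"type": "library", "name": "examplelib", "version": "1.4.2",
     "purl": "pkg:pypi/examplelib@1.4.2"},
    {"type": "library", "name": "widgetkit", "version": "3.0.1",
     "purl": "pkg:npm/widgetkit@3.0.1?repository_url=https://registry.example/#lib",
     "hashes": [{"alg": "SHA-256", "content": "4567ef01"}]},
    {"type": "file", "name": "vendor-blob"}
  ]
}"""

# Constructed advisory feed: versionless purl -> {affected version: advisory id}.
ADVISORIES: Dict[str, Dict[str, str]] = {
    "pkg:pypi/examplelib": {"1.4.2": "EXAMPLE-ADV-0001"},
    "pkg:npm/widgetkit": {"3.0.1": "EXAMPLE-ADV-0002"},
}


def parse_purl(purl: str) -> Tuple[str, str]:
    """Split a purl into (type/namespace/name, version).
    The subpath (#...) and qualifiers (?...) are dropped first, so an '@'
    inside a qualifier value cannot be mistaken for the version separator.
    A purl with no version yields an empty version string."""
    core = purl.split("#", 1)[0].split("?", 1)[0]
    if "@" in core:
        base, version = core.rsplit("@", 1)
        return base, version
    return core, ""


def load_components(sbom_text: str) -> List[dict]:
    """Parse the document and refuse anything that is not CycloneDX."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def audit_sbom(sbom_text: str, advisories: Dict[str, Dict[str, str]]) -> dict:
    """Return components matching an advisory, components without hashes,
    and components that cannot be identified (no purl or no version)."""
    vulnerable: List[Tuple[str, str]] = []
    unhashed: List[str] = []
    unidentified: List[str] = []
    for comp in load_components(sbom_text):
        purl = comp.get("purl")
        if not purl:
            # Nothing to match on: a consumer cannot check this component at all.
            unidentified.append(comp.get("name", "<unnamed>"))
            continue
        base, version = parse_purl(purl)
        if not version:
            unidentified.append(purl)
        advisory_id = advisories.get(base, {}).get(version)
        if advisory_id:
            vulnerable.append((purl, advisory_id))
        if not comp.get("hashes"):
            # Without a hash the SBOM cannot be tied to the artifact actually deployed.
            unhashed.append(purl)
    return {"vulnerable": vulnerable, "unhashed": unhashed, "unidentified": unidentified}


if __name__ == "__main__":
    report = audit_sbom(SBOM_JSON, ADVISORIES)
    for purl, advisory_id in report["vulnerable"]:
        print(f"VULNERABLE  {purl}  ({advisory_id})")
    for purl in report["unhashed"]:
        print(f"NO HASH     {purl}")
    for name in report["unidentified"]:
        print(f"UNRESOLVED  {name}")
```

The two non-vulnerability findings matter as much as the match: a component with no purl or version cannot be checked against any feed, and one with no hash cannot be tied to the binary actually running, so an SBOM consumer should treat both as gaps in coverage rather than as clean results.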

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution

2023-11-09 15:48, by Ionut Arghire (SecurityWeek). UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks.

Supply Chain Startup Chainguard Scores $61 Million Series B

2023-11-01 18:47, by Ryan Naraine (SecurityWeek). Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.

North Korean Hackers Exploiting Recent TeamCity Vulnerability

2023-10-19 14:01, by Ionut Arghire (SecurityWeek). Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability, and Microsoft warns of potential supply chain attacks.

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

2023-10-11 19:01, by Ryan Naraine (SecurityWeek). The flaw affects the SOCKS5 proxy handshake in cURL and can be exploited remotely in some non-standard configurations.

US Government Releases Security Guidance for Open Source Software in OT, ICS

2023-10-11 17:02, by Ionut Arghire (SecurityWeek). CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.

Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions

2023-10-07 15:47, by Associated Press (SecurityWeek). Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies build semiconductor facilities.

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks

2023-10-05 19:02, by Ionut Arghire (SecurityWeek). GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

2023-10-05 15:31, by Eduard Kovacs (SecurityWeek). The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol intended to boost supply chain security.

CISA Unveils New HBOM Framework to Track Hardware Components

2023-09-27 18:16, by Ryan Naraine (SecurityWeek). CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

2023-09-18 21:18, by Ryan Naraine (SecurityWeek). Exposed data includes backups of employees’ workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F)

2023-09-06 20:01, by SecurityWeek News. Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

2023-08-22 14:33, by Ionut Arghire (SecurityWeek). A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
