Supply Chain Security

XZ Utils Backdoor Attack Brings Another Similar Incident to Light

XZ Utils Backdoor Attack Brings Another Similar Incident to Light 2024-04-03 at 14:16 By Eduard Kovacs The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek. This article […]

XZ Utils Backdoor Attack Brings Another Similar Incident to Light Read More »

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor 2024-04-01 at 17:16 By Ionut Arghire Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions. The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor Read More »

Malware Upload Attack Hits PyPI Repository

Malware Upload Attack Hits PyPI Repository 2024-03-28 at 20:31 By Ryan Naraine Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article is an excerpt from

Malware Upload Attack Hits PyPI Repository Read More »

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Binarly Attracts $10.5M to Tackle Software Supply Chain Security 2024-03-26 at 22:47 By SecurityWeek News Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek. This article is an excerpt from

Binarly Attracts $10.5M to Tackle Software Supply Chain Security Read More »

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024  2024-03-20 at 14:01 By SecurityWeek News Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues The post Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024  appeared first on SecurityWeek. This article

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024  Read More »

SecurityWeek Cyber Insights 2024 Series

SecurityWeek Cyber Insights 2024 Series 2024-03-11 at 16:01 By Kevin Townsend Cyber Insights 2024 talks to hundreds of industry experts from dozens of companies covering seven primary topics. The post SecurityWeek Cyber Insights 2024 Series appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

SecurityWeek Cyber Insights 2024 Series Read More »

Cyber Insights 2024: Supply Chain 

Cyber Insights 2024: Supply Chain  2024-02-20 at 16:16 By Kevin Townsend Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers. The post Cyber Insights 2024: Supply Chain  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Cyber Insights 2024: Supply Chain  Read More »

AnyDesk Revokes Passwords, Certificates in Response to Hack

AnyDesk Revokes Passwords, Certificates in Response to Hack 2024-02-05 at 13:01 By Eduard Kovacs AnyDesk is revoking certificates and passwords in response to a recently discovered security breach impacting production systems. The post AnyDesk Revokes Passwords, Certificates in Response to Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

AnyDesk Revokes Passwords, Certificates in Response to Hack Read More »

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security 2024-01-25 at 16:46 By Kevin Townsend Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security appeared first on SecurityWeek. This article

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security Read More »

Software Supply Chain Security Startup Kusari Raises $8 Million 

Software Supply Chain Security Startup Kusari Raises $8 Million  2024-01-18 at 17:03 By Ionut Arghire Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain. The post Software Supply Chain Security Startup Kusari Raises $8 Million  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Software Supply Chain Security Startup Kusari Raises $8 Million  Read More »

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation 2024-01-16 at 16:16 By Ryan Naraine Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec. The post Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation appeared first on SecurityWeek. This article

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation Read More »

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise 2024-01-12 at 14:31 By Ionut Arghire Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. The post New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise appeared first on SecurityWeek. This article

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise Read More »

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack 

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  2024-01-08 at 15:46 By Ionut Arghire Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks. The post Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  Read More »

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity 18/12/2023 at 17:16 By Ionut Arghire NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks. The post NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity Read More »

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies 14/12/2023 at 14:35 By Ionut Arghire US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability. The post Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies Read More »

North Korean Software Supply Chain Attack Hits North America, Asia 

North Korean Software Supply Chain Attack Hits North America, Asia  24/11/2023 at 15:46 By Eduard Kovacs North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack. The post North Korean Software Supply Chain Attack Hits North America, Asia  appeared

North Korean Software Supply Chain Attack Hits North America, Asia  Read More »

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets 22/11/2023 at 20:31 By Ryan Naraine Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.” The post Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets appeared first on

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets Read More »

US Government Issues Guidance on SBOM Consumption

US Government Issues Guidance on SBOM Consumption 10/11/2023 at 15:01 By Ionut Arghire CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security. The post US Government Issues Guidance on SBOM Consumption appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

US Government Issues Guidance on SBOM Consumption Read More »

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution 09/11/2023 at 15:48 By Ionut Arghire UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks. The post Risk Ledger Raises £6.25 Million for Supply Chain Security Solution appeared first on SecurityWeek. This article is an excerpt

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution Read More »

Supply Chain Startup Chainguard Scores $61 Million Series B

Supply Chain Startup Chainguard Scores $61 Million Series B 01/11/2023 at 18:47 By Ryan Naraine Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies. The post Supply Chain Startup Chainguard Scores $61 Million Series B appeared first on SecurityWeek. This article is an excerpt

Supply Chain Startup Chainguard Scores $61 Million Series B Read More »

Scroll to Top