Supply Chain Security

Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions

China, Huawei, Supply Chain Security /

Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions 07/10/2023 at 15:47 By Associated Press Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities. The post Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions appeared first […]

Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions Read More »

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks

cloud security, Risk Management, Supply Chain Security /

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks 05/10/2023 at 19:02 By Ionut Arghire GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. The post GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks appeared first on SecurityWeek. This article

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks Read More »

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

Identity & Access, open source, supply chain, Supply Chain Security /

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol 05/10/2023 at 15:31 By Eduard Kovacs The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.  The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol Read More »

CISA Unveils New HBOM Framework to Track Hardware Components

CISA, Government, Hardware supply chain, SBOM, Security Infrastructure, Supply Chain Security /

CISA Unveils New HBOM Framework to Track Hardware Components 27/09/2023 at 18:16 By Ryan Naraine CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products. The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek. This article is an

CISA Unveils New HBOM Framework to Track Hardware Components Read More »

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Artificial Intelligence, cloud security, Data Exposure, GitHub, Microsoft, Supply Chain Security, Wiz /

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages 18/09/2023 at 21:18 By Ryan Naraine Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared first on

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages Read More »

Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F)

Supply Chain Security /

Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) 06/09/2023 at 20:01 By SecurityWeek News Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain. The post Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) appeared first on SecurityWeek. This article is

Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) Read More »

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

China, Malware & Threats, supply chain, Supply Chain Security /

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack 22/08/2023 at 14:33 By Ionut Arghire A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong. The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared first

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack Read More »

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results

Application Security, Supply Chain Security, Vulnerabilities /

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results 17/08/2023 at 20:46 By Ryan Naraine Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage. The post Google Brings AI Magic to Fuzz Testing With Eye-Opening Results appeared first on SecurityWeek. This article is an

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results Read More »

CISA Calls Urgent Attention to UEFI Attack Surfaces

Government, IoT Security, Supply Chain Security /

CISA Calls Urgent Attention to UEFI Attack Surfaces 04/08/2023 at 03:03 By Ryan Naraine The US government’s cybersecurity agency describes UEFI as “critical attack surface” that requires urgent security attention. The post CISA Calls Urgent Attention to UEFI Attack Surfaces appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

CISA Calls Urgent Attention to UEFI Attack Surfaces Read More »

Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round

Endor Labs, Funding/M&A, Supply Chain Security, Varun Badhwar /

Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round 03/08/2023 at 11:04 By Ryan Naraine Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.   The post Software Supply Chain Startup Endor Labs Scores Massive $70M Series A

Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round Read More »

Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups

Funding/M&A, Socket, Supply Chain Security, VC funding /

Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups 01/08/2023 at 17:34 By Ryan Naraine San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category. The post Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups appeared first

Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups Read More »

Verifying Software Integrity With Sigstore

software, Supply Chain Security /

Verifying Software Integrity With Sigstore 11/07/2023 at 17:48 By Matt Honea Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development. The post Verifying Software Integrity With Sigstore appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Verifying Software Integrity With Sigstore Read More »

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

credentials, Funding/M&A, Infisical, open source, secrets sprawl, Supply Chain Security /

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech 05/07/2023 at 19:47 By Ryan Naraine Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space. The post Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech appeared first on SecurityWeek. This article

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech Read More »

Rapid7: Japan Threat Landscape Takes on Global Significance

APT, Cyberwarfare, Japan, Nation-State, Ransomware, Supply Chain Security /

Rapid7: Japan Threat Landscape Takes on Global Significance 29/06/2023 at 18:46 By Kevin Townsend Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences. The post Rapid7: Japan Threat Landscape Takes on Global Significance appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Rapid7: Japan Threat Landscape Takes on Global Significance Read More »

HashiCorp Buys BluBracket for Secrets Scanning Tech

BluBracket, Funding/M&A, HashiCorp, M&A Tracker, secrets scanning, supply chain, Supply Chain Security /

HashiCorp Buys BluBracket for Secrets Scanning Tech 27/06/2023 at 23:24 By Ryan Naraine HashiCorp acquires BluBracket secrets-scanning technology to help businesses block accidental leaks and fight secret sprawl. The post HashiCorp Buys BluBracket for Secrets Scanning Tech appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

HashiCorp Buys BluBracket for Secrets Scanning Tech Read More »

Software Supply Chain: The Golden Container Ship

SBOM, Supply Chain Security, Vulnerabilities /

Software Supply Chain: The Golden Container Ship 12/06/2023 at 15:18 By Matt Honea By having a golden image you will put a process in place that allows you to quickly take action when a vulnerability is found within your organization. The post Software Supply Chain: The Golden Container Ship appeared first on SecurityWeek. This article

Software Supply Chain: The Golden Container Ship Read More »

SBOMs – Software Supply Chain Security’s Future or Fantasy?

Featured, Government, Government Policy, open source, SBOM, software, Supply Chain Security, Vulnerabilities /

SBOMs – Software Supply Chain Security’s Future or Fantasy? 05/06/2023 at 14:39 By Kevin Townsend If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order. The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek. This

SBOMs – Software Supply Chain Security’s Future or Fantasy? Read More »

Researchers Spot APTs Targeting Small Business MSPs

APT, Nation-State, Ransomware, Supply Chain Security /

Researchers Spot APTs Targeting Small Business MSPs 24/05/2023 at 21:37 By Ryan Naraine Proofpoint warns that APT actors linked to Russia Iran and North Korea are increasingly targeting small- and medium-sized businesses. The post Researchers Spot APTs Targeting Small Business MSPs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

Researchers Spot APTs Targeting Small Business MSPs Read More »

Red Hat Pushes New Tools to Secure Software Supply Chain

Application Security, open source, Red Hat, Supply Chain Security /

Red Hat Pushes New Tools to Secure Software Supply Chain 23/05/2023 at 17:49 By Ryan Naraine Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain. The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on

Red Hat Pushes New Tools to Secure Software Supply Chain Read More »

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

China, Supply Chain Security /

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States 22/05/2023 at 14:20 By Associated Press China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron. The post China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States Read More »

Scroll to Top