supply chain compromise
![threat modeling](https://img.helpnetsecurity.com/wp-content/uploads/2021/04/28132258/threat_modeling-box-400x200.jpg)
79% of organizations identify threat modeling as a top priority in 2021
Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large …
![application](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113933/application-400x200.jpg)
Top application security challenges: Bad bots, broken APIs, and supply chain attacks
Vanson Bourne surveyed 750 application security decision makers responsible for their organization’s application development and security to get their perspectives on data …
![editor](https://img.helpnetsecurity.com/wp-content/uploads/2018/03/09101605/editor-400x200.jpg)
Commercial third party code creating security blind spots
Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, a VDC Research …
![containers](https://img.helpnetsecurity.com/wp-content/uploads/2018/11/09095724/containers-400x200.jpg)
3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed …
![idea](https://img.helpnetsecurity.com/wp-content/uploads/2020/05/17081348/table-idea-400x200.jpg)
4 things you can do to minimize cyberattacks on supply and value chains
Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access. The SolarWinds hack was a classic supply chain attack, …
![CI/CD pipelines](https://img.helpnetsecurity.com/wp-content/uploads/2021/03/28103505/ci_cd-400x200.jpg)
The growing threat to CI/CD pipelines
Before the pandemic, most modern organizations had recognized the need to innovate to support developers’ evolving workflows. Today, rapid digitalization has placed a …
![biohazard](https://img.helpnetsecurity.com/wp-content/uploads/2017/11/09102542/biohazard-400x200.jpg)
Nearly 40% of new ransomware families use both data encryption and data theft in attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure. One of the …
![PHP](https://img.helpnetsecurity.com/wp-content/uploads/2017/10/09102749/php-400x200.jpg)
Attackers tried to insert backdoor into PHP source code
The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. What happened? “[On Sunday, March 28] …
![bomb](https://img.helpnetsecurity.com/wp-content/uploads/2019/11/09092733/bomb-400x200.jpg)
Adversaries exploit supply chains, double down on COVID-19 and ransomware
Supply chain attacks, ransomware, data extortion and nation-state threats prove to be more prolific than ever, a CrowdStrike report suggests. eCrime attacks made up 79% of all …
![SolarWinds](https://img.helpnetsecurity.com/wp-content/uploads/2020/12/16140845/solarwinds-400x200.jpg)
SolarWinds hack investigation reveals new Sunspot malware
CrowdStrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company’s Orion software. …
![risk](https://img.helpnetsecurity.com/wp-content/uploads/2016/12/09105446/risk-400x200.jpg)
2021 key risk areas beyond the pandemic
Healix International has identified six key areas of risk – besides the continued impact of COVID-19 – for global organizations in 2021. Natural disasters The increasing …
![SolarWinds](https://img.helpnetsecurity.com/wp-content/uploads/2020/12/16140845/solarwinds-400x200.jpg)
Microsoft was also a victim of the SolarWinds supply chain hack
Microsoft has confirmed that it, too, is among the companies who have downloaded the compromised SolarWinds Orion updates, but that they have isolated and removed them. …