supply chain compromise
Where does the SME fit into a supply chain attack?
“No business is an island, entire of itself” (with apologies to John Donne). Businesses have connections to other businesses, who supply them with goods, and whom they supply …
Manufacturers turning to zero trust to better secure their networks
In response to the 62% global increase in ransomware since 2019 (158% increase in North America) and over 40% of manufacturing firms suffering a cyberattack last year, Onclave …
Who is responsible for improving security in the software development environment?
Venafi announced the findings of a global survey that evaluates the impact of software supply chain attacks like SolarWinds/SUNBURST, CodeCov and Kaseya/REvil on how …
Physical threats increase as employees return to the office
As COVID-19 vaccinations continue, companies embrace hybrid work, employees return to the office and the U.S. opens up, violence and physical threats to businesses are …
79% of organizations identify threat modeling as a top priority in 2021
Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large …
Top application security challenges: Bad bots, broken APIs, and supply chain attacks
Vanson Bourne surveyed 750 application security decision makers responsible for their organization’s application development and security to get their perspectives on data …
Commercial third party code creating security blind spots
Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, a VDC Research …
3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed …
4 things you can do to minimize cyberattacks on supply and value chains
Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access. The SolarWinds hack was a classic supply chain attack, …
The growing threat to CI/CD pipelines
Before the pandemic, most modern organizations had recognized the need to innovate to support developers’ evolving workflows. Today, rapid digitalization has placed a …
Nearly 40% of new ransomware families use both data encryption and data theft in attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure. One of the …
Attackers tried to insert backdoor into PHP source code
The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. What happened? “[On Sunday, March 28] …