Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

Securing the Supply Chain - Automating our Way Out of Security Whack-a-Mole

Apr 26, 2024 By GitGuardian In GitGuardian
Open-source components forever changed how we build software, but they are also a prominent security threat, nothing illustrated this better than the recent XZ library incident where the world narrowly avoided a massive supply chain attack. Join Gene Gotimer and Mackenzie Jackson to discuss how we can keep our open-source supply chains secure as we discuss: Security implications of vulnerable open-source components How using automation can help us move toward a secure supply chain How to discover and detect vulnerable components.
View Video
bitsight

Championing Supply Chain Cybersecurity Amid Evolving Regulations-A New CISO Imperative

Apr 18, 2024 By Sabrina Pagnotta In BitSight
Supply chain cybersecurity and resilience have become pivotal across various cyber regulations, most notably NIS2 and DORA. In this blog, stemming from our latest ebook '5 Proven Strategies to Maximize Supply Chain Cyber Risk Management’, we will explore the reasons why resilience is a new mandate for CISOs today and, most importantly, how to secure the supply chain at scale—in line with evolving regulatory requirements.
Read Post
tripwire

Supply Chain Cybersecurity - the importance of everyone

Apr 18, 2024 By Gary Hibberd In Tripwire
I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier – essentially, how was their supply chain cybersecurity? - their response was not only worrying but, unfortunately, quite typical.
Read Post
securitysenses

Many industries could benefit from the advantages of blockchain

Apr 12, 2024 By SecuritySenses In SecuritySenses
Blockchain technology has been a subject of discussion for some quite already but now has begun to be used in several industries, as it brings plenty of advantages. The widespread use of blockchain has happened due to the extraordinary features that can potentially solve numerous complications businesses face in their operations.
Read Post
Arctic Wolf

Beyond Sisense: Navigating the Rising Tide of Supply Chain Attacks

Apr 12, 2024 By Dan Schiappa In Arctic Wolf
Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as their target of attack. On Thursday, April 11, the Cybersecurity & Infrastructure Agency (CISA) warned customers of Sisense, a company that provides data analytics services to thousands of international companies, that they should reset their credentials for Sisense services and look out for suspicious activity involving their services.
Read Post
synopsys

Securing the software supply chain with Black Duck Supply Chain Edition

Apr 9, 2024 By Mike McGuire In Synopsys
Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.
Read Post

Mitigate Upstream Risk in your Software with Black Duck Supply Chain Edition | Synopsys

Apr 9, 2024 By Synopsys In Synopsys
In this video, we introduce the new Black Duck Supply Chain Edition, which provides a full range of supply chain security capabilities to teams responsible for building secure, compliant applications. With third-party SBOM import and analysis, malware detection, and export options in SPDX or CycloneDX formats, teams can establish complete supply chain visibility, identify and mitigate risk, and align with customer and industry requirements.
View Video
cyberint

The Weak Link: Recent Supply Chain Attacks Examined

Apr 8, 2024 By Shmuel Gihon In Cyberint
Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.
Read Post
armo

Yet another reason why the xz backdoor is a sneaky b@$tard

Apr 3, 2024 By Ben Hirschberg In ARMO
A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.
Read Post
CrowdStrike

CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know

Apr 2, 2024 By Dumitra Dragos - Amit Serper - Suraj Sahu In CrowdStrike
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.
Read Post
Subscribe to Supply Chain

Copyright © 2024 OpsMatters™. All rights reserved.