Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

neosystems

How (and Why) Cyber Attacks are Exploiting the Supply Chain

Dec 19, 2024 By Stuart Itkin In NeoSystems
Your business is a link in one or more supply chains. Your business depends on those who supply to you, and in turn those you supply to (and their customers and their customers’ customers) depend on you. Any disruption at any point affects the flow of goods, services, and information affecting others in the supply chain. It’s important that we understand the risk in our supply chain and the potential risk we pose to our customers, especially cyber-related risk. Why?
Read Post
SecurityScorecard

Securing Your Healthcare Supply Chain: A Guide to Supply Chain Detection and Response

Dec 17, 2024 By SecurityScorecard In SecurityScorecard
The Evolving Threat Landscape In today’s interconnected healthcare landscape, supply chain security has emerged as a critical concern. Cyber threats are becoming increasingly sophisticated, targeting vulnerable points in the supply chain to infiltrate networks and steal sensitive patient data. As a result, healthcare organizations must prioritize the security of their vendors and partners to protect their own operations and patient information. What is Supply Chain Detection and Response?
Read Post
SecurityScorecard

How SecurityScorecard's Supply Chain Detection and Response Protects Financial Institutions

Dec 12, 2024 By SecurityScorecard In SecurityScorecard
As financial institutions continue to expand their digital ecosystems, the growing reliance on third-party vendors and service providers introduces significant cyber risks. With a majority of data breaches linked to vulnerabilities in the supply chain, managing these risks has become a necessity.
Read Post
gitguardian

The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian's Public Monitoring Data

Dec 11, 2024 By Guillaume Valadon In GitGuardian
On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s data in understanding supply chain attacks.
Read Post
Snyk

Ultralytics AI Pwn Request Supply Chain Attack

Dec 11, 2024 By Stephen Thoemmes In Snyk
The ultralytics supply chain attack occurred in two distinct phases between December 4-7, 2024. In the first phase, two malicious versions were published to PyPI: version 8.3.41 was released on December 4 at 20:51 UTC and remained available for approximately 12 hours until its removal on December 5 at 09:15 UTC. Version 8.3.42 was published shortly after on December 5 at 12:47 UTC and was available for about one hour before removal at 13:47 UTC.
Read Post
mend

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Dec 5, 2024 By Tom Abai In Mend
On December 2, 2024, the Solana community faced a significant security incident involving the @solana/web3.js npm package, a critical library for developers building on the Solana blockchain with over 450K weekly downloads. This blog post aims to break down the attack flow, explore how it happened, and discuss the importance of supply chain security.
Read Post
ciso global

The Global Effort to Maintain Supply Chain Security | Part Two

Nov 7, 2024 By Various Cybersecurity Experts In CISO Global
A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory—every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are available, and you don’t want to secure your supply chain without knowing what’s in your digital inventory.
Read Post
upguard

What is Cyber Supply Chain Risk Management?

Oct 31, 2024 By Edward Kost In UpGuard
Cyber supply chain risk management (C-SCRM) is the process of identifying, assessing, and mitigating cybersecurity risks associated with an organization’s supply chain. Supply chains comprise multiple attack vectors, ranging from procurement tools to suppliers, developers, and third-party services. The complexity of this attack surface warrants a risk management strategy focused on supply chain risks as an extension to an existing third-party risk management program.
Read Post
Featured Post
cycognito

What Security Teams Need to Know About the EU's NIS 2 Directive

Oct 24, 2024 By Graham Rance, VP Global Pre-Sales In CyCognito
The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.