
Supply Chain

Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization | Announcing JFrog Curation

Modern organizations are constantly striving to gain a competitive advantage by delivering software solutions at a remarkable pace. To achieve this, they heavily rely on open-source software (OSS) libraries and packages, which constitute a significant portion (80-90%) of their software solution. However, while open-source software offers numerous benefits, it also presents potential security challenges.

What is cyber risk exposure and how can you manage it?

Cybersecurity is not an easy task. New threats are constantly emerging—in your IT infrastructure and that of your vendors and partners. But, as a cybersecurity leader, you can help your organization mitigate these threats if you adopt cyber risk exposure management practices. In this blog, we explore everything you need to know about how cyber risk exposure and management can help you reduce the risk of gaps and vulnerabilities in your network and across your third-party supply chain.

SBOM to Improve Software Supply Chain Security

As software systems become more intricate and the use of third-party components increases, the security risks within the software supply chain also escalate. To combat these risks, organizations are turning to the Software Bill of Materials (SBOM) as a valuable tool. This blog will guide you through the concept of SBOM and its impact on software supply chain security.

How Does SLSA Help Strengthen Software Supply Chain Security?

A relatively new way of strengthening your software supply chain security is to apply Supply Chain Levels for Software Artifacts (SLSA) in tandem with other tools such as software bills of materials (SBOMs), software composition analysis (SCA) for open source, and static application security testing (SAST) for proprietary code. Let’s take a look at what SLSA is and how its different levels work.

AppSec and Software Supply Chain Security: How Do They Go Together?

AppSec and Software Supply Chain Security are two terms more frequently used as part of DevOps, as well as when considering how to develop a security strategy. Software supply chain attacks are on the rise and organizations must brace for the strong possibility that their software supply chain will be a target–so much so that Gartner has projected that by 2025, supply chain risk management will be a key success driver for more than 50% of organizations.

Rezilion Report Finds World's Most Popular Generative AI Projects Present High Security Risk

Rezilion announces a new report, "Expl[AI]ning the Risk: Exploring the Large Language Models (LLM) Open-Source Security Landscape," finding that the world's most-popular generative artificial intelligence (AI) projects present a high security risk to organizations.

The Devil's in the Data

The pandemic highlighted the fragility of the global supply chain ecosystem. Now every company is striving to ensure they will never be crippled by unforeseen supply chain issues. Mentions of “supply chain” in US SEC-filed annual reports more than doubled from 2019 to 2021 to nearly 5,000 as chief supply chain officers were reluctantly escorted into boardroom discussions to explain the business risk to their company.

Five Tips for Using SBOMs to Boost Supply Chain Security

A Software Bill of Materials (SBOM) is a key cyber defense item — it identifies what’s in your software, applications, and code base so that you can detect and mitigate risk more effectively. This is useful when it comes to application security because companies can only detect and fix vulnerabilities if they know what’s there in the first place. SBOMs give you that visibility. Consequently, SBOMs are now a “must-have” tool for most companies.

MOVEit Supply Chain Attack

On the 31st of May 2023, a public warning was issued by MOVEit regarding a critical SQL injection vulnerability found in their systems. This vulnerability allowed malicious actors to gain access to the database. The flaw, known as CVE-2023-34362, was identified on the 2nd of June, but it had already been exploited four days before the alert. By the end of May, approximately 2,500 instances of MOVEit file transfers were discovered to be exposed online, primarily in the United States.


Exploiting ancient vulnerabilities: How did the 3CX supply chain attack occur and what can we learn from it?

On March 29th, North Korean-linked threat actors targeted 3CX, a VoIP IPX developer, exploiting a 10-year-old vulnerability (CVE-2013-3900) that made executables appear to be legitimately signed by Microsoft when, in fact, they were being used to distribute malware. The 3CX attack is just the latest in a series of high-profile supply chain attacks over the past year. The SolarWinds attack compromised the Orion system, affecting thousands of organizations, and the Kaseya VSA attack likewise delivered REvil ransomware to thousands of organizations and is considered one of the largest security breaches of the 21st century.