
Supply Chain

The Devil's in the Data

The pandemic highlighted the fragility of the global supply chain ecosystem. Now every company is striving to ensure they will never be crippled by unforeseen supply chain issues. Mentions of “supply chain” in US SEC-filed annual reports more than doubled from 2019 to 2021 to nearly 5,000 as chief supply chain officers were reluctantly escorted into boardroom discussions to explain the business risk to their company.

Five Tips for Using SBOMs to Boost Supply Chain Security

A Software Bill of Materials (SBOM) is a key cyber defense item — it identifies what’s in your software, applications, and code base so that you can detect and mitigate risk more effectively. This is useful when it comes to application security because companies can only detect and fix vulnerabilities if they know what’s there in the first place. SBOMs give you that visibility. Consequently, SBOMs are now a “must-have” tool for most companies.

MOVEit Supply Chain Attack

On the 31st of May 2023, MOVEit issued a public warning about a critical SQL injection vulnerability found in their systems. This vulnerability allowed malicious actors to gain access to the database. The flaw, known as CVE-2023-34362, was identified on the 2nd of June, but it had already been exploited four days before the alert. By the end of May, approximately 2,500 instances of MOVEit file transfers were discovered to be exposed online, primarily in the United States.


Exploiting ancient vulnerabilities: How did the 3CX supply chain attack occur and what can we learn from it?

On March 29th, North Korean-linked threat actors targeted 3CX, a VoIP IPX developer, exploiting a 10-year-old vulnerability (CVE-2013-3900) that made executables appear to be legitimately signed by Microsoft when, in fact, they were being used to distribute malware. The 3CX attack is just the latest in a series of high-profile supply chain attacks over the past year. The SolarWinds attack compromised the Orion system, affecting thousands of organizations, and the Kaseya VSA attack, which delivered REvil ransomware to thousands of organizations as well, is considered one of the largest security breaches of the 21st century.

Managing Cyber Risk in the Insurance Supply Chain

This week in London, SecurityScorecard hosted a roundtable discussion on cyber risk in the insurance supply chain. Keynote speaker Santosh Pandit, head of Cybersecurity at the Bank of England, shared his insights with 20 London-based insurers on managing cyber risk in the financial sector and the latest regulatory initiatives that may impact the insurance industry.

How to Protect Against the Four Largest Cybersecurity Threats to Your Supply Chain

Digital technology is becoming an increasingly essential part of nearly every industry, and supply chains are no exception. In recent years, supply chains have become more dependent on digital solutions, from manufacturing, packing, and shipping processes to storing records in the cloud. While digital technology increases speed, efficiency, and interconnectivity across industries, this added complexity can also open larger gaps in cybersecurity.

MOVEit Supply Chain Attack Campaign Update

In the past two weeks, three new vulnerabilities in the MOVEit file transfer software have been discovered, including one over the weekend. The MOVEit file transfer software is used by around 1700 organizations worldwide. As is typical when supply chain components are compromised, the impact is severe, with large organizations such as the BBC and Zellis among those targeted.

The Biggest Risks to the Software Supply Chain

Software supply chain risk is an increasingly hot topic because attention to the supply chain has grown in recent years. Its importance has naturally attracted the attention of hackers, so protecting the software supply chain is paramount. A 2023 software supply chain study found that organizations recognize, and have been impacted by, software supply chain security threats.

ChatGPT and Software Supply Chain Risks

While some of the obvious misuse of ChatGPT in the world of cyber security was not unexpected – asking the artificial intelligence to write harder-to-detect malware and easier-to-convince phishing emails – a new threat has emerged that can leverage the very nature of the large language model. Ultimately, ChatGPT is a learning machine, and bases its answers on information it sources from the Internet.