Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Securing the Digital Supply Chain Ep. 10 - Peeyush Ranjan

Apr 22, 2022 By Riscosity In Riscosity
An amazing conversation with Peeyush Ranjan, Engineering VP at a Fortune 50 organization. Peeyush coined an amazing term - "Diffused Responsibility" - this is the reason why we all, in different silos, development, security, GRC, legal have to try harder and pull towards the same goal. In fact the example used - of a sports team, getting the pigskin over the line is a very apt one.
View Video
mend

Software Supply Chain Security: The Basics and Four Critical Best Practices

Apr 21, 2022 By Adam Murray In Mend

Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.

Read Post
upguard

The Biggest Security Risks in Your Supply Chain in 2022

Apr 3, 2022 By Edward Kost In UpGuard

The SolarWinds supply chain attack highlighted how vulnerable supply chains are to cyberattacks. Supply chain risk mitigation has since become an essential component of risk management strategies and information security programs. To support the success of this effort, we’ve listed the top 4 supply chain security risks you need to be aware of in 2022.

Read Post
mend

Automated Software Supply Chain Attacks: Should You be Worried?

Apr 1, 2022 By Tamir Ben Ari In Mend

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.

Read Post

How to Mitigate Risks in Software Supply Chain Security

Mar 24, 2022 By Snyk In Snyk
In this session, Mic McCully and Jake Williams explore the software supply chain as an attack vector – by identifying risks and mitigation strategies throughout the software development processes and environment. Watch this to learn how you can meet new requirements and protect your software from these attacks. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video
Trustwave

Trustwave's Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain

Mar 23, 2022 By Trustwave In Trustwave

Trustwave is actively tracking the threat of Lapsus$ for our clients. We encourage all organizations, especially those part of the digital supply chain, to remain vigilant and ensure that cyber best practices are implemented. We are actively investigating all unusual login behaviors for clients that use Okta. For more information on the Okta incident, please visit their blog. Trustwave does not use Okta. Actionable security recommendations for organizations can be found below.

Read Post
Snyk

Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine

Mar 16, 2022 By Liran Tal In Snyk

On March 15, 2022, users of the popular Vue.js frontend JavaScript framework started experiencing what can only be described as a supply chain attack impacting the npm ecosystem. This was the result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest by the maintainer of the node-ipc package.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.