supply chain - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Fri, 21 Jul 2023 19:51:33 +0000

GitHub Developers Targeted by North Korea’s Lazarus Group https://securityboulevard.com/2023/07/github-developers-targeted-by-north-koreas-lazarus-group/ Fri, 21 Jul 2023 19:51:33 +0000 https://securityboulevard.com/?p=1982351 GitHub satellite cyberattack Strontium cyberwarfare counter-drone The Legality of Waging War in Cyberspace

The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub.

The post GitHub Developers Targeted by North Korea’s Lazarus Group appeared first on Security Boulevard.

Software Supply Chain Attackers Targeting Banks, Checkmarx Says https://securityboulevard.com/2023/07/software-supply-chain-attackers-targeting-banks-checkmarx-says/ Fri, 21 Jul 2023 15:46:14 +0000 https://securityboulevard.com/?p=1982335 supply chain SMB Cowbell Cyber cyberattack colonial ransomware insurance attacks access

Two banks earlier this year were the targets of open source supply chain attacks, the first of their kind in the industry.

The post Software Supply Chain Attackers Targeting Banks, Checkmarx Says appeared first on Security Boulevard.

MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches https://securityboulevard.com/2023/07/moveit-cyberattack-the-problem-with-password-rotations-military-alert-on-free-smartwatches/ Mon, 03 Jul 2023 04:00:53 +0000 https://sharedsecurity.net/?p=101480 Several major organizations, including British Airways and the BBC, fell victim to the recent MOVEit cyberattack. We discuss the alarming trend of hackers targeting trusted suppliers to gain access to customer data, potentially holding companies and individuals for ransom. Is it better to change passwords regularly or focus on creating complex ones? We discuss the […]

The post MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches appeared first on Shared Security Podcast.

The post MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches appeared first on Security Boulevard.

A Zero-Day Should Not Be a Crisis https://securityboulevard.com/2023/06/a-zero-day-should-not-be-a-crisis/ Tue, 13 Jun 2023 14:00:56 +0000 https://securityboulevard.com/?p=1978097 zero-day zero-trust app hardware zero-trust prepare

The next time there is a zero-day sweeping the internet, your organization shouldn’t have to panic. This shouldn’t be a crisis. Instead, it should be a controlled exercise that follows a playbook that a drill has validated. While that’s easier said than done, this proactive approach will yield long-term benefits, saving time and minimizing stress...

The post A Zero-Day Should Not Be a Crisis appeared first on Security Boulevard.

Facing the Supply Chain Security Moment of Truth https://securityboulevard.com/2023/04/facing-the-supply-chain-security-moment-of-truth/ Wed, 26 Apr 2023 17:37:09 +0000 https://eclypsium.com/?p=6293 While it has been coming for years, the industry is now facing its moment of truth for supply chain risks. The accelerating rash of major breaches in the technology supply chain has put threat actors in possession of the source code and secrets that underpin virtually all enterprise infrastructure. This means that critical hardware and […]

The post Facing the Supply Chain Security Moment of Truth appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Facing the Supply Chain Security Moment of Truth appeared first on Security Boulevard.

Your Vendor’s Vendor Adds Risk to the Open Source Supply Chain https://securityboulevard.com/2023/04/your-vendors-vendor-adds-risk-to-the-open-source-supply-chain/ Mon, 24 Apr 2023 13:00:36 +0000 https://securityboulevard.com/?p=1972718 SUSE open source software supply chain SaaS lesson threat intelligence SBOM

Organizations rely heavily on third-party vendors and contractors. Smart companies will have a service level agreement (SLA) with each vendor which includes information about the vendor’s approach to cybersecurity—in fact, it’s a best practice to add security to the software supply chain. If only it was that simple. In the real world, the vendor supply..

The post Your Vendor’s Vendor Adds Risk to the Open Source Supply Chain appeared first on Security Boulevard.

3CX Breach Was a Double Supply Chain Compromise https://securityboulevard.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/ Fri, 21 Apr 2023 01:05:44 +0000 https://krebsonsecurity.com/?p=63451 We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

The post 3CX Breach Was a Double Supply Chain Compromise appeared first on Security Boulevard.

AI/ML’s Role in Software Supply Chain Security https://securityboulevard.com/2023/03/ai-mls-role-in-software-supply-chain-security/ Mon, 27 Mar 2023 13:00:43 +0000 https://securityboulevard.com/?p=1968881 AI ML IoT security NicheStack edge computing IoT Security

Almost every company has felt the impact of a cybersecurity incident caused by a security breakdown in the software supply chain. According to a study by BlueVoyant, 98% of businesses were negatively affected by a supply chain-related breach, with 40% of the respondents saying they rely on the vendor to ensure security. However, by relying..

The post AI/ML’s Role in Software Supply Chain Security appeared first on Security Boulevard.

Ransomware and Supply Chain Attacks: How to Protect Your Business From the Rising Threat of Third-Party Attacks https://securityboulevard.com/2023/03/ransomware-and-supply-chain-attacks-how-to-protect-your-business-from-the-rising-threat-of-third-party-attacks/ Wed, 08 Mar 2023 16:51:48 +0000 https://mixmode.ai/?p=7552 Stay protected from the rising threat of supply chain cyber attacks and ransomware attacks. Learn how to identify and assess the risks associated with third-party vendors and suppliers, and discover practical steps for implementing security controls, incident response plans, and employee education to protect your business.

The post Ransomware and Supply Chain Attacks: How to Protect Your Business From the Rising Threat of Third-Party Attacks appeared first on Security Boulevard.

Securing Against Supply Chain Attacks https://securityboulevard.com/2023/01/securing-against-supply-chain-attacks/ Fri, 27 Jan 2023 14:00:24 +0000 https://securityboulevard.com/?p=1961716 SLSA organizations third party attacks supply chain supply chain ransomware The Kill Chain Model

Anyone who has been in IT for the last decade knows the risks posed by ransomware and cyberattacks. They have been on our radar as a top concern for many years. But there have been changes. Most notably, the prevalence of attacks, specifically on large global companies, and the growing focus on a new target,..

The post Securing Against Supply Chain Attacks appeared first on Security Boulevard.
