Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Hi, what are you looking for?

Artificial Intelligence

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

Ryan Naraine5 days ago

Supply Chain Security

Webinar Today: Scaling Software Supply Chain Security

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

SecurityWeek NewsSeptember 7, 2023

Malware & Threats

New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.

Ionut ArghireAugust 22, 2023

Application Security

Google Brings AI Magic to Fuzz Testing With Eye-Opening Results

Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage.

Ryan NaraineAugust 17, 2023

Government

CISA Calls Urgent Attention to UEFI Attack Surfaces

The US government's cybersecurity agency describes UEFI as "critical attack surface" that requires urgent security attention.

Ryan NaraineAugust 3, 2023

Funding/M&A

Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round

Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.

Ryan NaraineAugust 3, 2023

Supply Chain Security

The VC View: The DevSecOps Evolution and Getting “Shift Left” Right

As the world increasingly moves to the cloud and digital-everything, organizations’ risk postures have also changed. Embedding security into the business is the new,...

William LinMay 2, 2022

Application Security

New OpenSSF Project Hunts for Malicious Packages in Open Source Repositories

The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories.

Ionut ArghireApril 29, 2022

Application Security

Web Application Security Firm Source Defense Raises $27 Million

Source Defense, a provider of web application client-side protection, says it pocketed $27 million in Series B funding, bringing the total investment raised by...

Ionut ArghireApril 26, 2022

Cybersecurity Funding

Code Security Firm SonarSource Raises $412 Million at $4.7 Billion Valuation

Geneva-based code quality company is cashing in on heightened investor interest in the software supply chain security space

Ryan NaraineApril 26, 2022

Cybersecurity Funding

Fortress Raises $125 Million to Secure Critical Industry Supply Chains

Fortress Information Security on Tuesday announced raising $125 million from Goldman Sachs, an investment that it plans on using to help critical industry operators...

Eduard KovacsApril 19, 2022

Application Security

Google Teams Up With GitHub for Supply Chain Security

Google has teamed up with GitHub for a solution that should help prevent software supply chain attacks such as the ones that affected SolarWinds...

Eduard KovacsApril 7, 2022

Audits

Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks

Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious...

Ryan NaraineMarch 28, 2022

Supply Chain Security

Watch on Demand: Supply Chain Security Summit & Expo (Virtual)

Mike LennonMarch 23, 2022

Application Security

‘Secrets Sprawl’ Haunts Software Supply Chain Security

A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of valuable corporate secrets --...

Ryan NaraineMarch 22, 2022

Application Security

Software Supply Chain Weakness: Snyk Warns of ‘Deliberate Sabotage’ of NPM Ecosystem

Software supply chain security fears escalated again this week with the discovery of what’s being described as "deliberate sabotage" of code in the open-source...

Ryan NaraineMarch 17, 2022

Supply Chain Security

Webinar Today: Protect the Software Supply Chain, Eliminate Risks in Code

SecurityWeek VideoMarch 8, 2022

Application Security

Legit Security Raises $30M to Tackle Supply Chain Security

A team of Israeli entrepreneurs with roots in the application security ecosystem is taking a stab at software supply chain security with big backing...

Ryan NaraineFebruary 14, 2022