Incident Response
Microsoft, Intel and Goldman Sachs will lead a new work group focusing on supply chain security at the Trusted Computing Group (TCG).
Hi, what are you looking for?
SecurityWeek
Supply Chain Security
North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply...
Cloud Security
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking...
Supply Chain Security
CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security.
Cybersecurity Funding
UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks.
Application Security
Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
Supply Chain Security
Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks.
Application Security
At SecurityWeek's 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. ...
Malware & Threats
Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform...
Cybercrime
Ransomware attack on U.S. farm incurred $9 million in losses
Cybercrime
Supply chain cyberattack could have wide blast radius through compromised MSPs
Supply Chain Security
The U.S. government’s push for mandatory SBOMs has sent cybersecurity buyers and sellers scrambling to understand the ramifications and prepare for downstream side-effects.
Cloud Security
Research finds that adversaries could detect a new misconfigured container within an average of five hours
Application Security
Google wants to bring “salsa” to drive enforcement at the software supply chain security party.
Application Security
Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash...
Incident Response
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach
Application Security
The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the...
Incident Response
In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST)...
Cyberwarfare
Security agencies say the Cyber Av3ngers group targeting ICS at multiple water facilities is affiliated with the Iranian government.
Endpoint Security
Identity & Access
Vulnerabilities
Cloud Security
While applications and cloud infrastructure present different risk profiles and require different security assessments, they must not be viewed separately with regards to enterprise...