Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Hi, what are you looking for?

Nation-State

Researchers Spot APTs Targeting Small Business MSPs

Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.

Ryan NaraineMay 24, 2023

Application Security

Red Hat Pushes New Tools to Secure Software Supply Chain

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.

Ryan NaraineMay 23, 2023

Supply Chain Security

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron.

Associated PressMay 22, 2023

Supply Chain Security

Pimcore Platform Flaws Exposed Users to Code Execution

Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks.

Ionut ArghireMay 19, 2023

Funding/M&A

Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs).

Ryan NaraineMay 18, 2023

Funding/M&A

Entro Raises $6M to Tackle Secrets Sprawl

Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise.

Ryan NaraineMay 17, 2023

Application Security

Microsoft Flags Ransomware Problems on Apple’s macOS Platform

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities...

Ryan NaraineJanuary 9, 2023

Cybercrime

Many of 13 New Mac Malware Families Discovered in 2022 Linked to China

More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them...

Eduard KovacsJanuary 6, 2023

Application Security

Slack Says Hackers Stole Private Source Code Repositories

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is...

Eduard KovacsJanuary 5, 2023

Application Security

Malware Delivered to PyTorch Users in Supply Chain Attack

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.Now part of the...

Ionut ArghireJanuary 3, 2023

Cybersecurity Funding

The Five Stories That Shaped Cybersecurity in 2022

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Ryan NaraineDecember 29, 2022

Application Security

Okta Source Code Stolen by Hackers

Identity and access management solutions provider Okta this week informed customers that some of the company’s source code was stolen recently from its GitHub...

Eduard KovacsDecember 22, 2022

Government

Companies Announced Billions in US Government Cybersecurity Contracts in 2022

Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.

Eduard KovacsDecember 22, 2022

Supply Chain Security

Critical Vulnerabilities Found in Passwordstate Enterprise Password Manager

Researchers discovered that the Passwordstate enterprise password manager made by Australian company Click Studios is affected by serious vulnerabilities that could allow an unauthenticated...

Eduard KovacsDecember 21, 2022

Cybercrime

Malicious PyPI Module Poses as SentinelOne SDK

Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK)...

Ionut ArghireDecember 19, 2022

Risk Management

US Puts 3 Dozen More Chinese Companies on Trade Blacklist

The U.S. Department of Commerce is adding 36 Chinese high-tech companies, including makers of aviation equipment, chemicals and computer chips, to an export controls...

Associated PressDecember 18, 2022

Application Security

GitHub Announces Free Secret Scanning, Mandatory 2FA

Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for...

Ionut ArghireDecember 16, 2022

Application Security

Google Announces Vulnerability Scanner for Open Source Developers

Google this week announced OSV-Scanner, a free scanner that open source developers can use to receive vulnerability details relevant to their projects.The high number...

Ionut ArghireDecember 14, 2022