Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Hi, what are you looking for?

Nation-State

Researchers Spot APTs Targeting Small Business MSPs

Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.

Ryan NaraineMay 24, 2023

Application Security

Red Hat Pushes New Tools to Secure Software Supply Chain

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.

Ryan NaraineMay 23, 2023

Supply Chain Security

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron.

Associated PressMay 22, 2023

Supply Chain Security

Pimcore Platform Flaws Exposed Users to Code Execution

Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks.

Ionut ArghireMay 19, 2023

Funding/M&A

Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs).

Ryan NaraineMay 18, 2023

Funding/M&A

Entro Raises $6M to Tackle Secrets Sprawl

Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise.

Ryan NaraineMay 17, 2023

Cybercrime

Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers.

Ionut ArghireDecember 12, 2022

Endpoint Security

LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems

Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has released a paper...

Eduard KovacsDecember 9, 2022

Malware & Threats

Iranian Hackers Deliver New ‘Fantasy’ Wiper to Diamond Industry via Supply Chain Attack

An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong...

Ionut ArghireDecember 8, 2022

Application Security

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into...

Ryan NaraineDecember 7, 2022

Cloud Security

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks

Researchers at firmware and hardware security company Eclypsium have identified several potentially serious vulnerabilities in baseboard management controller (BMC) firmware made by AMI (American...

Eduard KovacsDecember 6, 2022

Cloud Security

IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks

IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.

Eduard KovacsDecember 2, 2022

Supply Chain Security

Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.Available since 2019,...

Ionut ArghireNovember 30, 2022

ICS/OT

OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products

Forescout Technologies has disclosed the details of three new vulnerabilities identified by its researchers in operational technology (OT) products from Festo and Codesys.

Ionut ArghireNovember 30, 2022

Mobile & Wireless

US Bans Huawei, ZTE Telecoms Gear Over Security Risk

US authorities announced a ban Friday on the import or sale of communications equipment deemed "an unacceptable risk to national security" -- including gear...

AFPNovember 26, 2022

Supply Chain Security

Cross-Tenant AWS Vulnerability Exposed Account Resources

A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization’s...

Ionut ArghireNovember 23, 2022

Cyberwarfare

Microsoft Warns of Boa Web Server Risks After Hackers Target It in Power Grid Attacks

Microsoft is warning organizations about the risks associated with the discontinued Boa web server after vulnerabilities affecting the software were apparently exploited by threat...

Eduard KovacsNovember 23, 2022

Compliance

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Last month, CISA released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control...

Gordon LawsonNovember 22, 2022

Page 5 of 23‹ Previous 1 2 3 456 7 8 9 Next ›Last »

SECURITYWEEK NETWORK:

ICS:

Nation-State

Researchers Spot APTs Targeting Small Business MSPs

Application Security

Red Hat Pushes New Tools to Secure Software Supply Chain

Supply Chain Security

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

Supply Chain Security

Pimcore Platform Flaws Exposed Users to Code Execution

Funding/M&A

Investors Make $6M Bet on Manifest for SBOM Management Technology

Funding/M&A

Entro Raises $6M to Tackle Secrets Sprawl

Cybercrime

Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

Endpoint Security

LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems

Malware & Threats

Iranian Hackers Deliver New ‘Fantasy’ Wiper to Diamond Industry via Supply Chain Attack

Application Security

Big Tech Vendors Object to US Gov SBOM Mandate

Cloud Security

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks

Cloud Security

IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks

Supply Chain Security

Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

ICS/OT

OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products

Mobile & Wireless

US Bans Huawei, ZTE Telecoms Gear Over Security Risk

Supply Chain Security

Cross-Tenant AWS Vulnerability Exposed Account Resources

Cyberwarfare

Microsoft Warns of Boa Web Server Risks After Hackers Target It in Power Grid Attacks

Compliance

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Featured

Endpoint Security

Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards

Vulnerabilities

Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

Malware & Threats

Watch Now: Threat Detection and Incident Response Virtual Summit

ICS/OT

New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids

Cyberwarfare

Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure

Mobile & Wireless

Samsung Smartphone Users Warned of Actively Exploited Vulnerability

Mobile & Wireless

Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities

Latest News

Vulnerabilities

Critical Vulnerabilities Found in Faronics Education Software

Vulnerabilities

Chrome 114 Released With 18 Security Fixes

Security Architecture

Breaking Enterprise Silos and Improving Protection

Malware & Threats

Spyware Found in Google Play Apps With Over 420 Million Downloads

Vulnerabilities

Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability

Vulnerabilities

Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

Identity & Access

PyPI Enforcing 2FA for All Project Maintainers to Boost Security