Software Supply Chain Security Attacks Up 200%: New Sonatype Research
Sonatype’s 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.
Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations.
The post Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk appeared first on SecurityWeek.
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
The post US Government Releases Security Guidance for Open Source Software in OT, ICS appeared first on SecurityWeek.
Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities.
The post Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions…
GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.
The post GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks appeared first on SecurityWeek.
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek.
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek.
Exposed data includes backup of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.
The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared…
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
The post Webinar Today: Scaling Software Supply Chain Security appeared first on SecurityWeek.
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared …