More results...
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.
China dominates in critical minerals, and President Trump has turned to high-pressure tactics to acquire them.
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, and etc.
The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned…
サプライチェーンマネジメントとは
サプライチェーンマネジメント(SCM)とは、企業が提供するソフトウェア、ハードウェア、その他のITおよび技術サービスなど、最終ユーザーに提供される完成品となる原材料を調達する全体的なプロセスである。そして、ほぼすべての業界にわたる企業にとって、グローバルなサプライチェーンは依然として重要な関心事であり、特にITが分析やその他のデータ関連の対策に目を向け、企業がサプライチェーンで直面する問題の緩和に役立てようとしてい…
Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.
The post Cyber Insights 2024: Supply Chain appeared first on SecurityWeek.
By Artur Cygan Creating reproducible builds for SGX enclaves used in privacy-oriented deployments is a difficult task that lacks a convenient and robust solution. We propose using Nix to achieve reproducible and transparent enclave builds so that anyone can audit whether the enclave is running the source code it claims, thereby enhancing the security of […]
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
The post Researchers Discover Dangerous Exposure of…
By Jim Miller The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed solutions. Some of our solutions include rewriting widely used legacy code in memory safe languages such as Rust, funding OSS solutions to improve […]
A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers r…