Complex supply chains have complex security requirements, but secure them you must. Here’s where to start. It seems impossible to overstate the importance of the supply chain, especially in times like these. Millions of consumers, too, learned distressing lessons when stories of crops rotting in fields and images of empty grocery shelves
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries. Developers that make a simple typing mistake could find their systems compromised by malware in the latest attack on the software supply chain, say researchers at ReversingLabs, a software analysis platform provider. The
Attackers compromised Volusion’s Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites. Magecart attackers have infiltrated cloud-based e-commerce provider Volusion to successfully infect at least 6,500 customer websites with malicious code designed to lift payment card information. To do this, they had to first break into Volusion’s Google Cloud environment.
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk. A recently announced pair of vulnerabilities in the firmware for baseboard management controllers (BMCs) used by at least eight different manufacturers’ servers is the latest incident to show a supply chain vulnerability that can have an impact on enterprise computing.
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories. The pace of modern software development requires code reuse, and effective code reuse requires code repositories. These collections of code fragments, functions, libraries, and modules allow developers to write applications without having to
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations. Attackers today are getting increasingly creative with how they target organizations, often utilizing the supply chain as a point of ingress — exactly the kind of thing that keeps security pros up at night.
Open source components help developers innovate faster, but they sometimes come at a high price. Developers in enterprise environments — and at commercial software companies, for that matter — have learned that to deliver features swiftly, it’s much more expedient not to reinvent the wheel with certain chunks of code.
Breaches caused by external vendors and service providers have become a major and escalating problem for organizations. Breaches resulting from third-party security lapses are on the rise. Last year, 61% of surveyed US organizations said they had experienced a breach caused by one of their vendors or another third party. Some
Trusted relationships can become critical risks when suppliers’ systems are breached. When a platform is attacked, there are well-practiced tools and strategies for response. When a supply chain is attacked, as in the ShadowHammer attack that hit Asus and its customers, remediation can be much more of a challenge. Dark Reading last week reported on
Supply Chain Insights recently conducted a survey with the objective to understand the “current and expected future state of supply chain risk management, the biggest drivers of risk, and the impact on supply chain disruptions.” While nearly two-thirds of respondents believe their company performs better today on risk management practices than five years ago, they