supply chain security - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Wed, 20 Nov 2024 18:56:52 +0000

Securing the Software Supply Chain: Checkmarx One Expands its Offerings https://securityboulevard.com/2024/11/securing-the-software-supply-chain-checkmarx-one-expands-its-offerings/ Wed, 20 Nov 2024 18:56:52 +0000 https://securityboulevard.com/?p=2037071

The software supply chain is under siege. Threat actors increasingly exploit weaknesses in code repositories, dependencies and mismanaged secrets to infiltrate and disrupt software development processes. In response, organizations are turning to robust strategies to safeguard their supply chains, including tools like SCA scanning, AI and container security, secrets detection and repository health monitoring. Checkmarx’s..

The post Securing the Software Supply Chain: Checkmarx One Expands its Offerings appeared first on Security Boulevard.

The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions https://securityboulevard.com/2024/09/the-supply-chain-conspiracy-cyber-attacks-behind-the-lebanon-explosions/ Fri, 20 Sep 2024 05:47:57 +0000 https://nsfocusglobal.com/?p=30485 On September 17 and 18, a series of devastating explosions rocked Lebanon, resulting in 37 fatalities and nearly 3,000 injuries, according to the Lebanese Minister of Public Health. Initial investigations suggest these attacks were not mere accidents but rather the result of a sophisticated cyber operation targeting communication devices. Understanding the Attack Experts indicate that […]

The post The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions appeared first on Security Boulevard.

Dependency Confusion Attacks and Prevention: Register Your Private Package Names https://securityboulevard.com/2024/08/dependency-confusion-attacks-and-prevention-register-your-private-package-names/ Thu, 15 Aug 2024 13:21:17 +0000 http://securityboulevard.com/?guid=8aed32361bc840492720e432a610b795 Dependency confusion attacks exploit gaps in your software supply chain. Dive into modern dependency management and learn how to defend your systems with best practices.

The post Dependency Confusion Attacks and Prevention: Register Your Private Package Names appeared first on Security Boulevard.

Networking Equipment Riddled With Software Supply Chain Risks https://securityboulevard.com/2024/07/networking-equipment-riddled-with-software-supply-chain-risks/ Fri, 26 Jul 2024 08:24:18 +0000 https://securityboulevard.com/?p=2025609

Outdated software components often contain vulnerabilities that have been discovered and are well-understood by threat actors.

The post Networking Equipment Riddled With Software Supply Chain Risks appeared first on Security Boulevard.

Researchers Uncover UEFI Vulnerability Affecting Intel CPUs https://securityboulevard.com/2024/07/researchers-uncover-uefi-vulnerability-affecting-intel-cpus/ Wed, 03 Jul 2024 07:00:26 +0000 https://tuxcare.com/?p=18206 Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed “UEFIcanhazbufferoverflow.” It involves a buffer overflow caused by an unsafe variable in the Trusted Platform […]

The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on TuxCare.

The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on Security Boulevard.

More than 100K sites impacted by Polyfill supply chain attack https://securityboulevard.com/2024/07/more-than-100k-sites-impacted-by-polyfill-supply-chain-attack-2/ Mon, 01 Jul 2024 17:30:43 +0000 https://mend.io/more-than-100k-sites-impacted-by-polyfill-supply-chain-attack/ The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

The post More than 100K sites impacted by Polyfill supply chain attack appeared first on Security Boulevard.

Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric) https://securityboulevard.com/2024/06/software-supply-chain-risks-%e2%8e%aacassie-crossley-vp-supply-chain-security-schneider-electric/ Tue, 11 Jun 2024 08:32:14 +0000 http://securityboulevard.com/?guid=b82f36763b5b174383a4f01be4fa1398 This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique challenges of software supply chain security.

The post Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric) appeared first on Security Boulevard.

Threat Hunting 101: Five Common Threats to Look For https://securityboulevard.com/2024/05/threat-hunting-101-five-common-threats-to-look-for-2/ Thu, 30 May 2024 06:30:00 +0000 https://mend.io/threat-hunting-101-five-common-threats-to-look-for/ Learn more about supply chain threats and where to find them.

The post Threat Hunting 101: Five Common Threats to Look For appeared first on Security Boulevard.

Vulnerability of the Month – Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199 https://securityboulevard.com/2024/05/vulnerability-of-the-month-controversy-of-the-jetbrains-teamcity-cve-2024-27198-cve-2024-27199/ Fri, 03 May 2024 18:42:28 +0000 http://securityboulevard.com/?guid=95253a570aa6cdfb540006b66431d674 This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.

The post Vulnerability of the Month – Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199 appeared first on Security Boulevard.

Why you need an SBOM (Software Bill Of Materials) https://securityboulevard.com/2024/04/why-you-need-an-sbom-software-bill-of-materials/ Fri, 12 Apr 2024 17:49:14 +0000 http://securityboulevard.com/?guid=809f2e16116aef8ba0aad8140c9a6dc7 SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of the SBOM.

The post Why you need an SBOM (Software Bill Of Materials) appeared first on Security Boulevard.
