Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

July 1, 2024 at 01:18PM
Security flaws in CocoaPods were discovered, allowing attackers to hijack and insert malicious code into popular iOS and macOS applications, posing serious supply chain risks. The vulnerabilities were patched in October 2023, but the issues stemmed from a 2014 migration, leading to unclaimed pods and flawed verification processes. Downstream customers …

Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown

June 27, 2024 at 11:56PM
After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL …

Unpacking 2024’s SaaS Threat Predictions

June 5, 2024 at 07:54AM
Wing Security’s 2024 SaaS Security Report identified emergent threats and best practices for SaaS security. The report’s predictions have already manifested halfway through the year. Breach frequency is rising, demanding timelier threat alerts. Notably, Shadow AI, Supply Chain, Credential Access, and MFA Bypassing threats were outlined, all combatable with Automated …

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

June 3, 2024 at 10:25AM
Cybersecurity researchers found a suspicious package in the npm registry called glup-debugger-log, disguised as a toolkit logger. It has been downloaded 175 times and contains obfuscated files that deploy a remote access trojan. The package runs a series of checks before launching a JavaScript file for persistence and executing arbitrary commands. …

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

May 1, 2024 at 12:02AM
The 2024 Data Breach Investigations Report by Verizon Business reveals that 14% of data breaches in 2023 stemmed from security bugs, demonstrating a 180% increase in exploitation. The MOVEit software breach contributed significantly to this trend, impacting various industries. The report emphasizes the urgent need for organizations to strengthen their …

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

April 23, 2024 at 08:27AM
A webinar titled “Supply Chain Under Siege: Unveiling Hidden Threats” is being offered by industry experts to equip attendees with knowledge on identifying and neutralizing supply chain threats in the cybersecurity landscape. The session will cover the anatomy of supply chain threats, proactive threat hunting methodologies, case studies, practical steps …

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 

March 20, 2024 at 08:03AM
Today’s virtual event focuses on the importance of software and vendor supply chain security issues. Join the fully immersive summit to explore these critical aspects. Presented by SecurityWeek. …

Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints

March 12, 2024 at 06:48PM
Ex-Meta VP sued for allegedly stealing confidential documents to aid a new AI cloud startup. During his 12-year tenure, Dipinder Singh Khurana rose to VP of infrastructure before leaving for a stealth-mode startup. Meta accuses him of taking sensitive data and luring employees to his new employer, resulting in multiple …

Chip lobby group SEMI to EU: Export restrictions should only be used in self-defense

March 6, 2024 at 03:35AM
SEMI, an industry association representing 3,000 chip vendors, opposes the EU’s plans to impose export controls on China. They argue that these controls should only be used as a last resort for national security concerns. SEMI also criticizes the EU’s strategy to improve economic security, expressing concerns about potential negative …

Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures

January 25, 2024 at 06:10PM
Panorays’ 2024 CISO Survey of 200 CISOs reveals that 94% are concerned about third-party cybersecurity threats, with 65% anticipating an increase in third-party cyber risk budget. Only 3% have already implemented a third-party cyber risk management solution, and 33% plan to do so in 2024. CISOs prioritize AI-driven solutions and …