Supply chain management vendor Blue Yonder succumbs to ransomware

November 25, 2024 at 08:35PM Blue Yonder, a US supply chain SaaS vendor, suffered a ransomware attack, disrupting its services and affecting customers like Starbucks, Morrisons, and Sainsbury’s. Despite ongoing recovery efforts with cybersecurity firms, the timeline for restoring operations remains unclear. This incident underscores the risks ransomware poses to supply chain stability.

Blue Yonder ransomware attack disrupts grocery store supply chain

November 25, 2024 at 04:12PM Blue Yonder faced significant disruptions due to a ransomware attack on November 21, impacting its managed services for clients, including UK grocery chains. The company is collaborating with cybersecurity firms for recovery but has not provided a timeline for service restoration. High-profile customers include Morrisons and Sainsbury’s.

New Scoring System Helps Secure the Open Source AI Model Supply Chain

October 24, 2024 at 06:09AM AI models from Hugging Face may harbor hidden issues similar to open-source software from platforms like GitHub. A new scoring system has been introduced to enhance the security of the open-source AI model supply chain. This aims to address potential vulnerabilities in AI models.

New PondRAT Malware Hidden in Python Packages Targets Software Developers

September 23, 2024 at 03:30AM Threat actors linked to North Korea have been using poisoned Python packages to distribute a new malware called PondRAT, part of an ongoing campaign. The attacks are part of an operation known as Operation Dream Job and aim to compromise supply chain vendors and their customers. The attackers have been …

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads

July 25, 2024 at 12:45PM Chainguard, a software supply chain security startup, raised $140 million in a new financing round, reaching a valuation in excess of $1 billion. The company, founded by ex-Google engineers, has raised a total of $256 million since its launch in late 2021. The funding will be used to expand into …

Judge Dismisses Major SEC Charges Against SolarWinds and CISO 

July 19, 2024 at 05:30PM The SEC lawsuit against SolarWinds and CISO Timothy Brown, accused of concealing security issues pre and post SUNBURST breach, has been dismissed by a judge. This outcome signifies a significant development in the legal proceedings.

Defending OT Requires Agility, Proactive Controls

July 17, 2024 at 04:35AM Hackers with ties to the Chinese government have gained access to US critical infrastructure, transitioning from espionage to potentially compromising or destroying infrastructure via operational technology. Recent attacks on maritime and water systems signal the need for increased OT security. Three key steps include converging IT and OT security, developing …

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

July 1, 2024 at 01:18PM Security flaws in CocoaPods were discovered, allowing attackers to hijack and insert malicious code into popular iOS and macOS applications, posing serious supply chain risks. The vulnerabilities were patched in October 2023, but the issues stemmed from a 2014 migration, leading to unclaimed pods and flawed verification processes. Downstream customers …

Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown

June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL …

Unpacking 2024’s SaaS Threat Predictions

June 5, 2024 at 07:54AM Wing Security’s 2024 SaaS Security Report identified emergent threats and best practices for SaaS security. The report’s predictions have already manifested halfway through the year. Breach frequency is rising, demanding timelier threat alerts. Notably, Shadow AI, Supply Chain, Credential Access, and MFA Bypassing threats were outlined, all combatable with Automated …