Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

June 3, 2024 at 10:25AM Cybersecurity researchers found a suspicious package in the npm registry called glup-debugger-log, disguised as a toolkit logger. It has been downloaded 175 times and contains obfuscated files that deploy a remote access trojan. The package runs a series of checks before launching a JavaScript file for persistence and executing arbitrary commands. … Read more

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

May 1, 2024 at 12:02AM The 2024 Data Breach Investigations Report by Verizon Business reveals that 14% of data breaches in 2023 stemmed from security bugs, demonstrating a 180% increase in exploitation. The MOVEit software breach contributed significantly to this trend, impacting various industries. The report emphasizes the urgent need for organizations to strengthen their … Read more

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

April 23, 2024 at 08:27AM A webinar titled “Supply Chain Under Siege: Unveiling Hidden Threats” is being offered by industry experts to equip attendees with knowledge on identifying and neutralizing supply chain threats in the cybersecurity landscape. The session will cover the anatomy of supply chain threats, proactive threat hunting methodologies, case studies, practical steps … Read more

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 

March 20, 2024 at 08:03AM Today’s virtual event focuses on the importance of software and vendor supply chain security issues. Join the fully immersive summit to explore these critical aspects. Presented by SecurityWeek. It appears that the meeting notes are about a virtual event advertising the Supply Chain & Third-Party Risk Summit 2024, which focuses … Read more

Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints

March 12, 2024 at 06:48PM Ex-Meta VP sued for allegedly stealing confidential documents to aid a new AI cloud startup. During his 12-year tenure, Dipinder Singh Khurana rose to VP of infrastructure before leaving for a stealth-mode startup. Meta accuses him of taking sensitive data and luring employees to his new employer, resulting in multiple … Read more

Chip lobby group SEMI to EU: Export restrictions should only be used in self-defense

March 6, 2024 at 03:35AM SEMI, an industry association representing 3,000 chip vendors, opposes the EU’s plans to impose export controls on China. They argue that these controls should only be used as a last resort for national security concerns. SEMI also criticizes the EU’s strategy to improve economic security, expressing concerns about potential negative … Read more

Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures

January 25, 2024 at 06:10PM Panorays’ 2024 CISO Survey of 200 CISOs reveals that 94% are concerned about third-party cybersecurity threats, with 65% anticipating an increase in third-party cyber risk budget. Only 3% have already implemented a third-party cyber risk management solution, and 33% plan to do so in 2024. CISOs prioritize AI-driven solutions and … Read more

SecurityScorecard Launches MAX

January 25, 2024 at 05:38PM SecurityScorecard announced SecurityScorecard MAX, a partner-focused managed service that helps identify, prioritize, and resolve vulnerabilities in supply chain cyber risk management. MAX, delivered through a franchise model, aims to bolster cybersecurity posture efficiently and reduce overall costs. The service offers a technology-enabled risk operations center and improved collaborative resolution of … Read more

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

January 23, 2024 at 01:05PM Two malicious npm packages, warbeast2000 and kodiak2k, leveraged GitHub to store stolen Base64-encoded SSH keys. They were discovered and taken down after attracting 412 and 1,281 downloads. The modules run a postinstall script to execute JavaScript files, potentially compromising security. The incident highlights ongoing supply chain security threats. Some key … Read more

Software Supply Chain Security Startup Kusari Raises $8 Million 

January 18, 2024 at 10:00AM Kusari, a software supply chain security startup, has secured $8 million in pre-seed and seed funding led by J2 Ventures and Glasswing Ventures, with support from Unusual Ventures. Founded by members of OpenSSF and CNCF, Kusari aims to provide transparency in the software supply chain with its GUAC tool, reducing … Read more