Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

April 23, 2024 at 08:27AM A webinar titled “Supply Chain Under Siege: Unveiling Hidden Threats” is being offered by industry experts to equip attendees with knowledge on identifying and neutralizing supply chain threats in the cybersecurity landscape. The session will cover the anatomy of supply chain threats, proactive threat hunting methodologies, case studies, practical steps …

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 

March 20, 2024 at 08:03AM Today’s virtual event focuses on the importance of software and vendor supply chain security issues. Join the fully immersive summit to explore these critical aspects. Presented by SecurityWeek. The event is the Supply Chain & Third-Party Risk Summit 2024, which focuses …

Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints

March 12, 2024 at 06:48PM Ex-Meta VP sued for allegedly stealing confidential documents to aid a new AI cloud startup. During his 12-year tenure, Dipinder Singh Khurana rose to VP of infrastructure before leaving for a stealth-mode startup. Meta accuses him of taking sensitive data and luring employees to his new employer, resulting in multiple …

Chip lobby group SEMI to EU: Export restrictions should only be used in self-defense

March 6, 2024 at 03:35AM SEMI, an industry association representing 3,000 chip vendors, opposes the EU’s plans to impose export controls on China. They argue that these controls should only be used as a last resort for national security concerns. SEMI also criticizes the EU’s strategy to improve economic security, expressing concerns about potential negative …

Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures

January 25, 2024 at 06:10PM Panorays’ 2024 CISO Survey of 200 CISOs reveals that 94% are concerned about third-party cybersecurity threats, with 65% anticipating an increase in third-party cyber risk budget. Only 3% have already implemented a third-party cyber risk management solution, and 33% plan to do so in 2024. CISOs prioritize AI-driven solutions and …

SecurityScorecard Launches MAX

January 25, 2024 at 05:38PM SecurityScorecard announced SecurityScorecard MAX, a partner-focused managed service that helps identify, prioritize, and resolve vulnerabilities in supply chain cyber risk management. MAX, delivered through a franchise model, aims to bolster cybersecurity posture efficiently and reduce overall costs. The service offers a technology-enabled risk operations center and improved collaborative resolution of …

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

January 23, 2024 at 01:05PM Two malicious npm packages, warbeast2000 and kodiak2k, leveraged GitHub to store stolen Base64-encoded SSH keys. They were discovered and taken down after attracting 412 and 1,281 downloads. The modules run a postinstall script to execute JavaScript files, potentially compromising security. The incident highlights ongoing supply chain security threats. Some key …

Software Supply Chain Security Startup Kusari Raises $8 Million 

January 18, 2024 at 10:00AM Kusari, a software supply chain security startup, has secured $8 million in pre-seed and seed funding led by J2 Ventures and Glasswing Ventures, with support from Unusual Ventures. Founded by members of OpenSSF and CNCF, Kusari aims to provide transparency in the software supply chain with its GUAC tool, reducing …

Qilin ransomware claims attack on automotive giant Yanfeng

November 28, 2023 at 02:44PM The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, a major automotive parts supplier. The attack disrupted production at Stellantis, and Qilin has threatened to release sensitive data. Qilin is known for targeting companies in all sectors and recently rebranded its ransomware. Group-IB has …

Australian Ports Resume Operation After Crippling Cyber Disruption

November 13, 2023 at 04:35PM Four major ports in Australia, operated by DP World, experienced a cyber attack that caused disruptions over the weekend. The company is responsible for 40% of freight in and out of the country. The exact nature of the attack is still unknown, but some experts speculate it may involve ransomware. …