Socket Raises $40 Million for Supply Chain Security Tech

October 23, 2024 at 09:50AM Socket has secured $40 million in Series B funding to advance its development of open source software supply chain security technology. **Meeting Takeaways:** 1. **Funding Achievement:** Socket has successfully raised $40 million in a Series B funding round. 2. **Focus Area:** The raised funds will be allocated towards developing technology …

Retail & Hospitality ISAC Launches Program Aimed at Securing Supply Chains

October 22, 2024 at 05:16PM The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) launched LinkSECURE, a program aimed at enhancing cybersecurity for vendors and reducing supply chain risks. The initiative includes support for implementing security measures, educational sessions, and resources to improve cybersecurity across the retail and hospitality sectors. ### Meeting Takeaways from …

Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor

October 22, 2024 at 06:18AM Cybersecurity researchers identified suspicious npm registry packages designed to steal Ethereum private keys and gain SSH access to victim machines. These packages impersonate legitimate libraries, requiring developers to use them to trigger malware. Previous similar attacks included a malicious package that exfiltrated keys to a server in China. ### Meeting …

Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management

October 18, 2024 at 10:04AM Supply chain attacks are increasingly common, necessitating a shift from traditional vendor risk management to continuous, proactive security measures. Key strategies include real-time vendor monitoring, blockchain for transparency, zero-trust access protocols, and collaborative security practices. Organizations must adopt a comprehensive approach to protect their entire ecosystem from evolving threats. ### …

Open Source Package Entry Points May Lead to Supply Chain Attacks

October 15, 2024 at 06:06AM Entry points in open-source packages across various programming languages are vulnerable to exploitation, posing risks for supply chain attacks. This highlights the need for enhanced security measures to protect against such vulnerabilities. The article is based on a post from SecurityWeek. **Meeting Takeaways:** 1. **Vulnerability Highlighted**: Entry points in software …

NSA Releases 6 Principles of OT Cybersecurity

October 2, 2024 at 07:10PM The National Security Agency and international cybersecurity agencies released “Principles of Operational Technology Cyber Security,” outlining six principles to safeguard critical infrastructure. These principles stress the paramount importance of safety, knowledge of the business, protecting OT data, segmenting OT networks, securing the supply chain, and ensuring a skilled cybersecurity workforce. …

Ban Sought for Chinese, Russian Software and Hardware Used in Autonomous Vehicles on US Roads

September 23, 2024 at 10:00AM The Commerce Department plans to ban the sale of connected and autonomous vehicles in the U.S. equipped with Chinese and Russian software and hardware by 2027-2030, citing national security concerns. This preemptive measure aims to protect against potential threats of data exposure and external control of vehicles, with implications for …

Concerns Over Supply Chain Attacks on US Seaports Grow

September 19, 2024 at 04:47PM The congressional report revealed that US maritime infrastructure relies heavily on Chinese-made cranes and systems, posing potential cybersecurity risks. While no evidence of malicious activity was found, concerns persist about remote access and software vulnerabilities. The report recommends measures to address these issues, stressing the importance of protecting critical infrastructure …

Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure

September 13, 2024 at 10:02AM Operational resilience is crucial in the interconnected IT infrastructure, with hardware and firmware threats often overlooked. Global efforts, such as the US Executive Order and EU directives, aim to fortify supply chain security. Organizations face growing concerns over state-sponsored hardware and firmware threats, requiring a shift towards proactive endpoint security …

Remote Access Sprawl Strains Industrial OT Network Security

September 11, 2024 at 10:04AM The exploding demand for remote access has created a vulnerable attack surface for industrial control systems, with many using multiple inadequate remote access tools. Critical infrastructure sectors are at risk, and cyberattackers have already exploited such tools in high-profile breaches. The report emphasizes the need for better management, security standards, …