Identifying third-party risk

April 15, 2024 at 04:06AM A webinar featuring Andy Grayland, CISO at Silobreaker, will address the rising third-party risk in busy supply chains. It focuses on the importance of protecting against cyber threats posed by third-party partners and how to use threat intelligence to identify and mitigate risks. The webinar will be held on 18 April. …

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

April 11, 2024 at 12:42PM CISA issued a red-alert notice about a potential supply chain breach at Sisense, a data analytics company. The agency advised Sisense customers to reset credentials and report any suspicious activity. CISA is collaborating with industry partners to address the incident, emphasizing its potential impact on critical infrastructure. Sisense has not …

Hoya’s optics production and orders disrupted by cyberattack

April 4, 2024 at 01:27PM Hoya Corporation, a global optics manufacturer, faced a “system failure” leading to server downtime at various plants. With 37,000 employees across 160 sites and in over 30 countries, they prioritize system restoration. A third-party security breach is suspected, impacting production and order systems. Investigations continue to analyze the extent and …

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

March 26, 2024 at 04:42PM Binarly, a Los Angeles startup, secured $10.5 million in venture capital funding led by Two Bear Capital. Their AI-powered solution, the Binarly Transparency Platform, automates the discovery of security vulnerabilities in the firmware and software supply chain. Founded by NVIDIA alum Alex Matrosov, the company aims to capitalize on global software supply …

8 Strategies for Enhancing Code Signing Security

March 22, 2024 at 10:04AM Strong code-signing best practices are crucial for fostering trust in the development process and enhancing software supply chain security. Full …

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

March 21, 2024 at 07:42AM In today’s digital-first business environment, organizations increasingly rely on third-party vendors for cloud services. Nudge Security offers security profiles for over 97,000 SaaS apps, aiding in vendor risk management by accelerating security reviews, providing app directories for employees, expediting evaluations, and offering breach alerts. Nudge Security’s flexible model aims to …

Five Eyes tell critical infra orgs: take these actions now to protect against China’s Volt Typhoon

March 20, 2024 at 06:21AM The US government and international partners issued another warning about China’s Volt Typhoon cyber gang targeting critical infrastructure, advising protection measures. They emphasized guidance for non-technical senior leaders, urged cybersecurity best practices, and highlighted the importance of incident response plans and securing the supply chain. The advisory reiterated the gang’s …

It’s 10PM, Do You Know Where Your AI Models are Tonight?

March 1, 2024 at 04:08PM The explosive growth in AI will immensely complicate software supply chain security. AI and ML models, integral to AI applications, contribute to the complexity. Developers must understand and secure these models, but existing security tools are ill-equipped for this task. Consequently, a new approach called MLSecOps is needed to address …

NIST Releases Cybersecurity Framework 2.0

February 26, 2024 at 03:01PM The National Institute for Standards and Technology (NIST) released Cybersecurity Framework 2.0 after years of deliberation. This update expands its recommendations beyond critical infrastructure, now including a sixth function, Govern, and addressing supply chain risks. The framework provides guidance, a searchable catalog, and references to aid organizations in cybersecurity risk …

Steel giant ThyssenKrupp confirms cyberattack on automotive division

February 26, 2024 at 12:06PM ThyssenKrupp, a prominent steel producer, confirmed a cyberattack on its Automotive division, resulting in IT system shutdowns. The breach did not affect other business units and is under control. The Saarland plant was directly impacted. Despite previous cyber incidents, the perpetrator remains unknown. Normal operations are gradually resuming. From the …