December 5, 2023 at 07:36AM AlphV/BlackCat, a ransomware group, threatens to extort clients of Tipalti, an accounting software vendor it claims to have breached since September, obtaining 265GB of data. Instead of directly targeting Tipalti, which is likely not to pay due to insurance limitations, they plan to pressure high-profile clients like Roblox and Twitch. … Read more
November 29, 2023 at 06:33PM Former White House Cybersecurity Chief Melissa Hathaway, active in cybersecurity policy advisory, comments on the evolving digital threat landscape. She highlights ransomware sophistication, third-party supplier vulnerabilities, and underlines current administration efforts to make companies more security responsible. Hathaway also stresses the strategic digital advancements of China and expresses concerns over … Read more
November 21, 2023 at 09:00AM Webinar: Learn why a Software Bill of Materials (SBOM) may not provide sufficient protection for your application’s attack surfaces. Introducing an eXtended Software Bill of Materials (XBOM) that offers a more accurate and comprehensive view of your application, infrastructure, and pipeline components. Join the webinar on 28 November at 5pm … Read more
November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of … Read more
November 1, 2023 at 11:46AM Chainguard, a supply chain security startup founded by former Google engineers, has secured $61 million in Series B financing led by Spark Capital. This brings their total venture capital investments to $116 million. Their flagship product, Chainguard Images, has gained traction among Fortune 500 companies and technology providers. Chainguard aims … Read more
October 31, 2023 at 08:18AM Malicious packages have been discovered on the NuGet package manager, deployed using a lesser-known method. The campaign, ongoing since August 2023, involves rogue packages delivering the SeroXen RAT remote access trojan. The threat actors behind the campaign are persistent, continuously publishing new malicious packages. The packages imitate popular ones and … Read more
October 15, 2023 at 01:53PM Valve is implementing additional security measures on Steam to address the recent outbreak of malware being pushed from compromised publisher accounts. Starting October 24, game developers will be required to pass an SMS-based security check before pushing updates, and the same requirement will be enforced for adding new users to … Read more