Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

February 21, 2024 at 09:45AM The Biden-Harris administration issued an executive order to enhance cybersecurity at US ports, specifically addressing the threat posed by Chinese-made cranes. The maritime industry has been prone to cyber incidents, raising concerns about supply chain security and the global economy. The order empowers the Coast Guard to enforce cybersecurity standards and …

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

February 21, 2024 at 04:27AM Cybersecurity researchers discovered two malicious Python packages on the PyPI repository, NP6HelperHttptest and NP6HelperHttper, that use DLL side-loading to evade detection by security software. The fake packages posed as counterparts of legitimate ones to trick developers into installing them. The malicious code included a remote access trojan and was part of a wider …
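The lookalike-name trick described above (a rogue package whose name extends or mis-spells a legitimate one) is cheap to screen for before `pip install` runs. The following is an added example, not code from the page or from the researchers it cites: it normalises every name in a requirements file and reports anything that is not on an assumed project allowlist, with the closest allowlisted name as a hint to the reviewer. The requirements text and the allowlist are constructed for the example; the allowlist entry `NP6HelperHttp` is an assumption, since the page does not name the packages the rogue ones imitated.

```python
import re

# Constructed requirements list for this example (not from the page): the two
# malicious names are the ones the page reports; the rest are ordinary pins
# plus one deliberate typo.
REQUIREMENTS = """\
requests==2.31.0
urllib3>=2.0
NP6HelperHttptest
NP6HelperHttper
reqeusts
"""

# Assumed allowlist of packages the project may install (constructed for the
# example; "NP6HelperHttp" is an assumed legitimate name, not taken from the page).
ALLOWLIST = ["requests", "urllib3", "NP6HelperHttp"]


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch character-swap and single-typo squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def requirement_name(line: str) -> str:
    """Strip version specifiers, extras, markers and direct references from one line."""
    return re.split(r"[=<>!~\[;@ ]", line, maxsplit=1)[0]


def suspicious_packages(requirements: str, allowlist, max_distance: int = 2):
    """Return (requested name, closest allowlisted name or None, reason) for every
    requirement that is not on the allowlist. Everything off-list is reported; the
    reason only says why it looks like a lookalike."""
    allowed = sorted({normalize(n) for n in allowlist})
    findings = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        requested = requirement_name(line)
        name = normalize(requested)
        if name in allowed:
            continue
        for legit in allowed:
            if legit in name:
                # An allowed name with something appended or prepended, e.g. "-test"
                findings.append((requested, legit, "contains-allowlisted-name"))
                break
            if levenshtein(name, legit) <= max_distance:
                # A swapped or mistyped character or two away from an allowed name
                findings.append((requested, legit, "within-edit-distance"))
                break
        else:
            findings.append((requested, None, "not-allowlisted"))
    return findings


if __name__ == "__main__":
    for requested, legit, reason in suspicious_packages(REQUIREMENTS, ALLOWLIST):
        hint = f" (looks like {legit})" if legit else ""
        print(f"{requested}: {reason}{hint}")
```

Run against the constructed input, the two reported packages are flagged because each contains the assumed legitimate name, and `reqeusts` is flagged as two edits from `requests`. The check only stops the install; the DLL side-loading the page describes happens after installation, so it is a complement to, not a substitute for, endpoint controls on the build host.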

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

February 15, 2024 at 06:35AM Wing Security’s Q4 2023 analysis of 493 companies using SaaS shows how significant SaaS-related risks have become after the year’s cyber attacks. The report underlines the need for SaaS security measures, highlights common SaaS risks, and emphasizes the growing threat of supply chain attacks. It concludes with 8 ways to mitigate SaaS …

US Lawmakers Introduce Farm and Food Cybersecurity Act

January 30, 2024 at 09:42AM New legislation, the Farm and Food Cybersecurity Act, aims to boost cybersecurity in the agriculture and food critical infrastructure sectors. It requires biennial cyber threat assessments, reports to congressional committees, and annual crisis simulation exercises over five years. Representatives and senators introduced the bill, with support from various associations and …

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

January 19, 2024 at 03:33AM A recently discovered malicious npm package, “oscompatible”, deploys a sophisticated remote access trojan on compromised Windows machines. The attack highlights the increasing targeting of open-source software ecosystems and the risks associated with deprecated npm packages. The security firm Aqua revealed that 21.2% of top npm packages are …

Lock Down the Software Supply Chain With ‘Secure by Design’

January 18, 2024 at 06:38AM The concept of “secure by design” is crucial in the face of increasing supply chain attacks, with a shift towards proactive security measures. The Cybersecurity and Infrastructure Security Agency (CISA) is pushing for this in software development practices, emphasizing collective responsibility. It involves building security into software from the ground …

Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

December 18, 2023 at 10:05AM The SolarWinds attack in December 2020 compromised 18,000 organizations and revealed weaknesses in supply chain security. Recent disclosures about SolarWinds’ breach detection timeline have led to legal action. Regulators are pursuing improved security practices, and governments and organizations are working together to strengthen cybersecurity frameworks, promote information sharing, and prioritize …

Hundreds of thousands of dollars in crypto stolen after Ledger code poisoned

December 15, 2023 at 07:21PM Ledger, a cryptocurrency wallet maker, had malicious code inserted into its Connect Kit JavaScript library. The code rerouted funds to an attacker’s wallet, resulting in a loss of over $610,000. Despite security measures, a former employee’s compromised credentials were exploited. Ledger asserts the issue has been addressed, …

Software & Security: How to Move Supply Chain Security Up the Agenda

December 13, 2023 at 10:07AM After the Log4j incident, there is increased scrutiny on the security of software supply chains. Key stakeholders including the US government, CISA, the EU Commission, the UK’s NCSC, and Japan are collaborating to enhance the utility of software bills of materials (SBOMs). However, challenges lie in implementation, responsibility allocation, and …
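One concrete way an SBOM earns its keep is the check below, an added example that is not code from the page or from any of the agencies it names: it reads a CycloneDX JSON document and reports every component whose version falls inside an advisory’s affected range. The SBOM and the advisory list are constructed for the example; the single advisory entry mirrors the public Log4Shell range for log4j-core (2.0-beta9 up to, but not including, 2.15.0) so that it ties back to the Log4j incident the passage mentions. The version comparison is hand-rolled to keep the example dependency-free.

```python
import json
import re

# Constructed CycloneDX 1.5 SBOM for this example (not taken from any real product).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
    ],
})

# Illustrative advisory list, hand-written for the example rather than pulled from a
# feed. The entry mirrors the public Log4Shell advisory: log4j-core from 2.0-beta9 up
# to but not including 2.15.0 is affected.
ADVISORIES = [
    {"id": "CVE-2021-44228", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
]


def parse_version(v: str):
    """Turn '2.14.1' or '2.0-beta9' into a sortable key. Missing numeric components
    count as 0; a pre-release suffix sorts before the final release of the same
    number (suffixes are compared lexically, which is enough for this example)."""
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))
    suffix = m.group(2).lstrip("-.")
    return (nums, 0 if suffix else 1, suffix)


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed under parse_version ordering."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def affected_components(sbom_json: str, advisories):
    """Return (purl, advisory id) for every SBOM component inside an advisory's range.
    Matching is on (group, name) so log4j-api is not confused with log4j-core."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("only CycloneDX JSON is handled here")
    hits = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if (comp.get("group"), comp.get("name")) != (adv["group"], adv["name"]):
                continue
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                purl = comp.get("purl", f'{comp["name"]}@{comp["version"]}')
                hits.append((purl, adv["id"]))
    return hits


if __name__ == "__main__":
    for purl, adv_id in affected_components(SBOM_JSON, ADVISORIES):
        print(f"{purl} is within the affected range of {adv_id}")
```

With the constructed input only log4j-core 2.14.1 is reported; log4j-api shares the version but is not in the advisory, and jackson-databind has no entry at all. In practice the advisory list would come from a vulnerability feed and the version comparison from a proper library such as `packaging`, but the shape of the check, match the SBOM component identity and then test its version against a range, is exactly what an SBOM makes possible without rescanning the artifact.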

Data’s Perilous Journey & Lessons Not Learned From the Target Breach

December 12, 2023 at 10:04AM The 2013 Target breach revealed significant vulnerabilities in third-party interactions, leading to nearly a billion dollars in financial damages. Despite efforts to strengthen cyber defenses, organizations continue to grapple with systemic issues and supply chain security. The industry now faces a critical need for a paradigm shift towards proactive data …