Tips for Securing the Software Supply Chain
“Software supply chain attacks are at the top of all CISOs’ minds,” says ReliaQuest CISO Jeff Music. Music attributes the popularity of software supply chain attacks to the fact that these attacks are relatively easy to conduct and have a significant payoff for the attacker. “This is especially the case if the vulnerable hardware or…
5 cybersecurity trends accelerating in 2023
Netwrix has released key cybersecurity trends that will affect organizations of all sizes in 2023. Here are five specific trends that you need to be aware of: The business of cybercrime will be further professionalized The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. In particular, the…
LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks
Likely operating out of Brazil, LofyGang appears to be an organized crime group focused on multiple hacking activities, including credit card data theft and Discord premium upgrades, as well as the hacking of games and streaming service accounts. LofyGang has been observed abusing multiple public cloud services for command and control (C&C) purposes, including Discord,…
Tidelift Raises $27 Million to Tackle Open Source Supply Chain Security
High profile supply chain attacks like SolarWinds, Kaseya, Codecov, ua-parser-js and Log4j have put pressure on companies and governments to address the risks associated with open source and other software supply chain risks. President Biden’s May 2021 Executive Order includes supply chain attacks as an area of concern. More recently, on January 13, 2022, a…
JFrog’s New Tools Flag Malicious JavaScript Packages
DevOps security firm JFrog released three open source security tools in response to recent issues with software registry npm to help JavaScript developers detect and prevent the installation of problematic packages. Software supply chain attacks are becoming a big problem in the open source software ecosystem, with attackers sneaking information stealers, keyloggers, and other types…
Framing supply chain attacks
The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice….