DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
Supply-chain attacks compromise trusted vendors or dependencies, potentially reaching downstream systems; verify provenance and limit access before deployment.
Search across headline titles and summaries.
Background for this topic.
Supply chain is the network of suppliers, software developers, service providers, components, and processes used to build and deliver an organization’s products or services. In a security threat model, it extends the trust boundary beyond the organization: a compromised supplier account, build system, software dependency, update mechanism, or hardware component can introduce malicious code, expose credentials, or undermine systems used by many customers.
Effective protection starts with mapping critical suppliers, dependencies, data flows, and access, then applying risk-based due diligence and least-privilege, segmented access. For software, maintain an inventory such as a software bill of materials, verify signed artifacts and update provenance where feasible, and monitor dependencies for vulnerabilities or unexpected changes. Contracts and technical controls should support timely notification and investigation. Response plans should cover revoking supplier access, isolating affected versions or integrations, determining exposure, and coordinating remediation with the provider.
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
Vendor email compromise is big risk, says Darktrace Paid feature Of all the things that have value in business, trust is one of the most important. We tend to trust those that we work with closely, giving them easier access to our precious infrastructure.…
Poisoned SCADA apps could have disrupted power supply – perhaps even at nuclear plants The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world – including at least one nuclear power plant.…
Another day, another attack on the software supply chain A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public.…
Securing APIs requires both a "shift left" methodology and "shield right" action.
A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information
Now available for use with Checkmarx Software Composition Analysis (SCA), the solution restores trust in modern application development while letting developers embrace open source code.
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.