Quarter of Healthcare Ransomware Victims Forced to Halt Operations
Trend Micro research reveals supply chains are key source of risk.
Supply-chain attacks compromise trusted vendors or dependencies, potentially reaching downstream systems; verify provenance and limit access before deployment.
Search across headline titles and summaries.
Background for this topic.
Supply chain is the network of suppliers, software developers, service providers, components, and processes used to build and deliver an organization’s products or services. In a security threat model, it extends the trust boundary beyond the organization: a compromised supplier account, build system, software dependency, update mechanism, or hardware component can introduce malicious code, expose credentials, or undermine systems used by many customers.
Effective protection starts with mapping critical suppliers, dependencies, data flows, and access, then applying risk-based due diligence and least-privilege, segmented access. For software, maintain an inventory such as a software bill of materials, verify signed artifacts and update provenance where feasible, and monitor dependencies for vulnerabilities or unexpected changes. Contracts and technical controls should support timely notification and investigation. Response plans should cover revoking supplier access, isolating affected versions or integrations, determining exposure, and coordinating remediation with the provider.
Trend Micro research reveals supply chains are key source of risk.
SaaS security platform promises to track down shadow IT, map supply chain risk, and "nudge" employees to work securely.
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats
The NCSC guidance has been issued amid a significant increase in supply chain attacks in recent years
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. [...]
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner recently published their 2022 cybersecurity predictions - not only do they anticipate the continued expansion of attack surfaces in the near future, they also list digital supply