Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 4 most recent headlines Filtered view
Bank Info Security 3 months, 2 weeks ago

ISMG Editors: Vendor Breaches Expose Healthcare Risk

Also: RSAC Speakers Warn AI Is Outpacing Security, DoD's Zero Trust Reality CheckIn this week's panel, four ISMG editors discussed growing cyber risks in healthcare following recent vendor breaches, key takeaways from RSAC Conference and whether the Pentagon's zero trust push is delivering real security benefits or just checking off boxes.

Bank Info Security 3 months, 2 weeks ago

Your AI Vendor's Worst Enemy Is Its Own Development Pipeline

Anthropic's Mythos Leak Points to Pattern of Failures, Sloppy Practices at AI LabsAnthropic accidentally exposed its most powerful unreleased AI model to compromise, and days later shipped its flagship coding tool's full source code without meaning to. Meta, Microsoft and OpenAI have each had comparable moments. Questions linger about the integrity of third-party AI tools.

Bank Info Security 3 months, 2 weeks ago

The Open Back Door: Industrial Remote Access

Why Remote Access to Industrial Operations Is the Biggest Unmanaged RiskRemote access has become one of the largest unmanaged attack surfaces in industrial operations. Legacy VPNs and jump servers expose OT environments to serious risk. Learn how Cisco Cyber Vision's Secure Equipment Access can secure vendor and engineer access while protecting critical infrastructure.

Bank Info Security 3 months, 2 weeks ago

Cloud-Based EHR Vendor Notifies SEC About Hacking Incident

CareCloud: Intruder Accessed Systems for 8 Hours, Still Assessing Extent of BreachElectronic health records vendor CareCloud has notified the U.S. Securities and Exchange Commission of a cyber incident earlier this month that temporarily disrupted the software and accessed one of its EHR environments. The company is assessing whether patient data was accessed or stolen.