Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 5 most recent headlines Filtered view

After Vendor Paid for Data-Deletion Promise, Criminals Extort Schools DirectlyStudents, gather round for the sad story of how PowerSchool got schooled by hackers, who stole data on students and teachers. After PowerSchool paid a ransom for a guarantee that the data would be deleted, the bad hackers failed to honor their promise.

Bank Info Security 1 year, 2 months ago

AI in Zero Trust: Hype, Hope and Hidden Gaps

CISOs Seek Real Value as Vendors Tout the Latest Batch of AI-Driven SolutionsAs the conversation shifts from generative to agentic AI, it's clear that AI holds tremendous potential to ease zero trust fatigue, but only when guided by business context, quality data and human oversight. CISOs see AI as a "basket of opportunities but plenty of "vendor blind spots."

Bank Info Security 1 year, 2 months ago

Living in a Fairytale: PowerSchool's Failures Continue

Criminals Extort School Employees After Vendor Paid for Data-Deletion PromiseStudents, gather round for the sad story of how PowerSchool got schooled not once, but twice. Surprise: attackers who received a ransom payment in return for a promise to delete data they stole from PowerSchool pertaining to students and teachers didn't actually delete the data.

Bank Info Security 1 year, 2 months ago

Meta Wins $167M Over NSO Spyware Hack

Jury Slams NSO With $167M Verdict for WhatsApp HackMeta has secured a $167 million punitive damages verdict against Israeli spyware vendor NSO Group, with a U.S. jury finding the firm illegally used Pegasus malware to hack 1,400 WhatsApp accounts tied to diplomats, dissidents and journalists using encrypted messaging platforms.

Bank Info Security 1 year, 2 months ago

Security Professionals: Stay Aware of Current Events

Ballistic Ventures' Kevin Mandia on How CISOs Can Lead Through Economic TurbulenceIn uncertain times, CISOs must balance people and technology, says Kevin Mandia, general partner, Ballistic Ventures. Security budgets face less risk, but efficiency is crucial. AI adoption will accelerate, vendor consolidation will strengthen defenses and SMBs may benefit from outsourcing security.