Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

8 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 8 most recent headlines Filtered view

Deal Would Boost Veeam's Cyber Footprint as Data Protection Vendor Valuations SurgeBloomberg reported that data protection and ransomware recovery giant Veeam is in advanced talks to buy DSPM and AI security vendor Securiti for $1.8 billion, with an announcement coming as soon as this week. The deal would accelerate Veeam's pivot from backup and disaster recovery to cybersecurity.

Bank Info Security 9 months, 1 week ago

Reading the Fine Print When Managing Vendor Risk

Risk and Compliance Review Professionals Can Save Millions and Help Avoid BreachesRisk and compliance review requires more than just checking off boxes. It involves understanding what the fine print reveals about how a vendor protects data, manages incidents and upholds contractual obligations. Professionals who review contracts become trusted voices in procurement and security.

Bank Info Security 9 months, 1 week ago

Fortra Confirms 'Unauthorized Activity' Hit GoAnywhere MFT

Medusa Ransomware Group Tied to Exploits of Now-Patched Zero-Day VulnerabilityRecent attacks targeting Fortra's GoAnywhere managed file transfer software exploited a "limited" number of customers who set their on-premises installations to have an administrative console publicly exposed to the internet, which the vendor recommends customers never do.

Bank Info Security 9 months, 1 week ago

Reading the Fine Print When Managing Vendor Risk

Risk and Compliance Review Professionals Can Save Millions and Help Avoid BreachesRisk and compliance review requires more than just checking off boxes. It involves understanding what the fine print reveals about how a vendor protects data, manages incidents and upholds contractual obligations. Professionals who review contracts become trusted voices in procurement and security.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last MonthAffiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Deal Would Boost Veeam's Cyber Footprint as Data Protection Vendor Valuations SurgeBloomberg reported that data protection and ransomware recovery giant Veeam is in advanced talks to buy DSPM and AI security vendor Securiti for $1.8 billion, with an announcement coming as soon as this week. The deal would accelerate Veeam's pivot from backup and disaster recovery to cybersecurity.

Bank Info Security 9 months, 1 week ago

Discord Vendor Hack Exposes ID Data in Ransom Bid

Proliferating Age Verification Systems a Hacker TargetA vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data collection systems are becoming high-value targets amid rising legislative mandates for online age checks.