Microsoft cancels Patch Tuesday for some Dell users over surprise shutdowns, overheating devices
Mega hardware vendor reports problems - but Windows maker isn't yet naming affected models
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
Weekly headline count for the current query.
Mega hardware vendor reports problems - but Windows maker isn't yet naming affected models
Vendor insists there's no evidence of unauthorized access, but it's asking customers to take one of the most drastic precautions available
Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off
Apache, Alibaba databases vulnerable and only one has a patch
Vimeo points finger at analytics supplier Anodot, says no logins or card data were touched More than 119,000 Vimeo users's email addresses were extracted in a breach traced to a third-party analytics vendor, according to Have I Been Pwned.…
Linux vendor touts European independence at SUSECON as majority stakeholder quietly explores its options European-based SUSE devoted much of the annual SUSECON event to its sovereignty-focused pitch - even as reports swirl that its majority stakeholder is exploring a $6 billion sale which could land the Linux vendor in American hands.…
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company’s source code, secrets, and other sensitive data.…
UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.…
ChipSoft's website remains down but emails are functioning A Dutch healthcare software vendor has been knocked offline following a ransomware attack, officials say.…
Omnissa telemetry suggests business buyers are loving Apple and Google End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world’s enterprise hardware fleet – and the news is better for Google and Apple than it is for Microsoft.…
Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.…
$300 a month buys you a backdoor that looks like legit software Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.…
Whoever gets it will steer UK department's IT, AI strategy, and megabucks vendor deals The UK Ministry of Defence (MoD) is offering between £270,000 to £300,000 for a senior digital leader who will oversee more than £4.6 billion in spending and more than 3,000 specialist staff.…
US agencies told to patch by Friday Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.…
eScan lawyers up after Morphisec claimed 'critical supply-chain compromise' A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.…
pcTattletale boss Bryan Fleming faces up to 15 years in prison when sentenced later this year The US government has secured a guilty plea from a stalkerware maker in federal court, marking just the second time in more than a decade that the US has managed to prosecute a consumer spyware vendor successfully. …
SEC filings show the outfit cut projected 2027 cloud purchase commitments by $114M Security vendor Palo Alto Networks is expanding its Google Cloud partnership, saying it will move "key internal workloads" onto the Chocolate Factory's infrastructure. The outfit also claims it is tightening integrations between its security tools and Google Cloud to deliver what it calls a "unified" security experience. At the same time, Palo Alto may trim its own cloud purchase commitments.…
An employee of the adult site could be responsible. Analytics vendor Mixpanel says it is not the source of data stolen from Pornhub and says the info was last accessed by an employee of the adult site.…
Get your Hyper-V and VMware ESXi setups in order, people Researchers at security software vendor Huntress say they’ve noticed a huge increase in ransomware attacks on hypervisors and urged users to ensure they’re as secure as can be and properly backed up.…