Apple Warns Users in 150 Countries of Mercenary Spyware Attacks
In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.
High-profile individuals including MPs said to be caught up in leak Exclusive Taxi software biz iCabbi recently fixed an issue that exposed the personal information of nearly 300,000 individuals via an unprotected database.…
Rubrik Began the IPO Process. Will Cyber-Physical Systems Vendor Claroty Join It?Following Rubrik's announcement that it plans to list on the New York Stock Exchange, another company is considering trying its luck in the public market. Claroty is meeting with underwriters ahead of a possible 2025 IPO that could value the cyber-physical systems security titan at $3.5 billion.
SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.