Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets
Cellebrite, a controversial digital forensics firm, is set to acquire virtualization vendor Corellium in a $170 million deal.
Florida Vendor Set to Reach $100M ARR by 2027 With Identity Segmentation, ZTNA PushWith $55 million in Series C funding led by Highland Europe, Zero Networks aims to expand its zero trust architecture through identity segmentation and zero trust network access. The Orlando, Fla.-based microsegmentation startup aims to double headcount and target a $100 million ARR goal by 2027.