Latest coverage for Vendor
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
Millions of People Affected in MOVEit Attack on US Gov't Vendor
Living up to its name, Maximus sees a whale of a breach that affects millions of people's sensitive government records, including health data.
Thales Agrees to Buy App Security Vendor Imperva in $3.6B Deal
The deal is expected to give the French vendor a larger presence in the application and API security markets, as well as in North America.
Ambulance patient records system hauled offline for cyber-attack probe
UK trusts serving 12 million people affected as vendor awaits results of forensic investigation Several UK NHS ambulance organizations have been struggling to record patient data and pass it to other providers following a cyber-attack aimed at health software company Ortivus.…
Ivanti plugs critical bug – but not before it was used against Norwegian government
Uncle Sam warns sysadmins to get patching as soon as possible A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole.…
CISOs Connect Launches the 2023 CISO Choice Awards
CISOs select winners based on real-world experience; vendor submissions now open.