Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 7 most recent headlines Filtered view

Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild.…

Bank Info Security 10 months, 2 weeks ago

Encryption Vendor Virtru Settles Patent Case With Microsoft

Deal Ends Suit Alleging Microsoft's Message Encryption Tool Violated Virtru PatentsAfter three years of litigation, Virtru and Microsoft have settled a patent infringement case involving the tech giant’s email encryption product. The suit claimed Microsoft's technology infringed Virtru’s patented identity-driven encryption method for seamless, credential-free data access.

Bank Info Security 10 months, 3 weeks ago

Facility Laundry and Dining Vendor Hack in 2024 Hits 624,500

Crime Gang 'Underground' Claimed Data Theft From Healthcare Services GroupA publicly traded Pennsylvania-based firm that provides dining, housekeeping and laundry services to long-term care and skilled nursing facilities is notifying nearly 624,500 people of a 2024 hacking incident that took nearly nine months for the company to investigate.