Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 7 most recent headlines Filtered view
Bank Info Security 9 months, 3 weeks ago

How the EU Data Act Shifts Control Back to Users

Newly Implemented Rule to Boost Cloud Competition and AI DevelopmentThe EU Data Act is now in its second phase of implementation, shifting the balance of power by granting users rights over the data generated by their connected devices and services. Beyond banning unfair contract terms and eliminating vendor lock-in, the act mandates data portability and access.

Bank Info Security 9 months, 3 weeks ago

Vendors Veradigm and ApolloMD Report Health Data Hacks

Recent Incidents Highlight Patient Record Cyber Risks Tied to Third-Party SuppliersVendor security risk has long been a source of pain for many healthcare providers. Veradigm - formerly Allscripts - and ApolloMD are among the latest software and services vendors reporting hacking incidents potentially triggering headaches for customers and their patients.

Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won't pick up Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS data — a flaw that has persisted since late 2021.…