Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 6 most recent headlines Filtered view
The Hacker News 2 years, 4 months ago

How to Use Tines's SOC Automation Capability Matrix

Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's been shared

Bank Info Security 2 years, 4 months ago

Hack at Services Firm Hits 2.4 Million Eye Doctor Patients

As Vendor Breaches Surge, Medical Practices Need 20/20 Visibility on Third PartiesAn Arizona firm that provides administrative services to a dozen ophthalmology practices in several states is notifying nearly 2.4 million patients of a data theft incident. The hack is among the latest recent major data breaches involving vendors of critical services to healthcare firms.

Bank Info Security 2 years, 4 months ago

PAM Provider Delinea Buys Fastpath

Acquisition Will Allow Delinea to Detect Overprivileged Access, Company SaysCalifornia privileged access management vendor Delinea announced it will acquire identity governance and administration vendor Fastpath. "We believe privilege, not just identity, is the true security perimeter," said Delinea Chief Product Officer Phil Calvin.