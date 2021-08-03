
What Constitutes a Software Supply Chain Attack?

By Ax Sharma
securityboulevard.com
 5 days ago

We are just halfway through 2021 and have already seen an exceptional increase in open source malware and novel supply chain attacks. And they seem to just keep coming. *** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/what-constitutes-a-software-supply-chain-attack.



Tags: Supply Chain Attack, Security Bloggers Network, Sonatype Blog
Computers | securityboulevard.com

How Network Segmentation Can Protect Supply Chains from Ransomware Attacks

Organizations can take various steps to protect their operational technology (OT) environments against digital threats, but some stand out more than others. In particular, network segmentation has been described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets so that information technology (IT) and OT environments can be coordinated effectively.
Technology | securityboulevard.com

Supply Chain Security – Not As Easy As it Looks

The massive SolarWinds compromise is a prime example of what is called a “supply chain” vulnerability. The vast majority of those affected by the Russian SolarWinds attack had probably never even heard of the company SolarWinds, and did not realize that they depended on it for critical infrastructure. Indeed, modern supply chains, manufacturing, technology, and Internet and telecommunications networks depend on complex webs of suppliers—or, more accurately, supply webs—that are vulnerable to disruption and attack. While defense contractors, the intelligence community, and the Department of Defense all attempt to address this problem, for commercial entities supply chain security can be the difference between delivering products and services effectively and going out of business. Yet it is incredibly complex and difficult even to identify what your supply chain is and what your dependencies are. There are some things you can do today, from a practical and legal standpoint, to gain greater visibility into your supply chain and better ensure its security and resilience.
Technology | TechRepublic

How to ensure your vendors are cybersecure to protect you from supply chain attacks

Right now supply chain vendors are a prime target for cybercriminals, and one expert offers ways to remove the bullseye from them. There aren't many sure things in life, but, sadly, one of them is that criminals—cyber or otherwise—always go after the victim's weakest link. TechRepublic's Tom Merritt, in his article, video and podcast Top 5 things to know about supply chain attacks, looked at one weak link that keeps making headlines: supply chains.
Economy | ITProPortal

Businesses suffer major financial damage as a result of supply chain attacks

Security breaches caused by the compromise of a software provider or other partner are causing businesses significant headaches, a new report from email security company GreatHorn suggests. Also known as supply chain attacks, these incidents have affected three quarters of organizations, the majority (79%) of which suffered financial losses as...
Software | aithority.com

Argon Releases Its Integrity Solution, the Industry’s First Software Supply Chain Security Solution That Prevents Supply Chain Attacks Such As the SolarWinds Breach

Argon Security announced the release of its patent-pending Integrity solution, which it says enables organizations to detect and block software supply chain attacks like the ones against SolarWinds and ClickStudios. According to the company, the solution also eliminates supply chain risks from misconfigurations, vulnerabilities and weak dependencies in your CI/CD pipeline. Argon Integrity™ solidifies Argon’s leadership...
Software | Supply & Demand Chain Executive

BlackBerry Strengthens Cybersecurity in Supply Chains

BlackBerry has released Jarvis 2.0, which it says addresses the expanding global embedded cybersecurity landscape. The new generation of Jarvis offers a more user-friendly, software-as-a-service (SaaS) version of the original capabilities. Per BlackBerry, the feature set is focused on the three most important areas that those building mission-critical applications need...
Software | digitalconnectmag.com

How do supply chain security attacks work?: Prevention Practices

Cyberattackers are always looking for weak points to attack. Even if you are confident your security posture is strong, you can be at risk. Strong defenses such as firewalls and network and endpoint security make it harder for criminals to attack your organization directly, and if they are motivated enough, they will look for a secondary target to get at you. That is how supply chain attacks work, and why your supply chain security should be a priority.
Industry | myhfa.org

Power in the numbers Influences supply chain challenges

I’ve noticed an interesting shift in meetings we’ve had with key staff in Cabinet departments like Commerce and Transportation or with members of Congress. Before I get to that shift, you need to know that we have increased the frequency of the meetings with influencers intentionally. We have got to keep your needs and concerns top of their minds to bring important issues to the people who can make a difference for our industry. A perfect example is the complex issues relating to supply chain challenges. One thing in particular that has gotten the attention of everyone we’ve talked to has been the exorbitant price of containers. The numbers are staggering when you compare them to pre-COVID. Five, six, seven hundred percent increases, if not more.
Coding & Programming | linuxtoday.com

Supply Chain Flaws Found in Python Package Repository

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK...
Internet | dcvelocity.com

Report: E-mail vulnerabilities threaten supply chains

Nearly 60% of organizations have experienced an attempted supply chain attack in the past year, and e-mail vulnerabilities are a prime route to damage, according to data from Waltham, Mass.-based e-mail and cybersecurity firm GreatHorn. The firm's Threat Intelligence Team released data showing that one of the most prominent techniques used in supply chain attacks is a form of man-in-the-middle (MitM) attack, in which an attacker compromises login credentials to leverage legitimate e-mail communication between parties in order to carry out their supply chain attack. Known as Vendor Email Compromise (VEC), the method allows attackers to log into a user’s e-mail so they can pose as that user and leverage trusted relationships in the user’s supply chain to take advantage of existing e-mail threads, or data, the company said.

“Given the quantity of workers remaining in a remote capacity, and the increase in phishing attacks that lead to malicious sites that compromise credentials, an organization’s supply chain has become a significant target for cybercriminals,” according to GreatHorn’s research on defending against vendor e-mail compromise. “With 3.7% of all e-mails containing potentially malicious links that bypass native e-mail security controls, and 41% of organizations stating that users click on malicious links daily, identifying links that attempt to harvest credentials is the first step for organizations in securing and protecting their users from account takeovers.”

To help prevent attacks, the research says companies should augment or replace traditional e-mail security approaches with more sophisticated techniques; those include computer vision that analyzes suspicious links and blocks employees from reaching credential-harvesting pages, as well as biometric authentication that recognizes a user’s unique typing patterns such as keystroke speed, pressure and timing.

“Attackers will continue to launch continuous attacks against supply chain partners, gaining access to supplier systems, including e-mail. Identifying spoofed vendors/individuals that can send malicious links and compromised partner accounts calls for advanced e-mail security techniques,” according to the company. “By augmenting or replacing traditional e-mail security approaches with more sophisticated capabilities, organizations can detect and mitigate the risk of supply chain attacks.”
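The VEC pattern described above (a genuine vendor mailbox reused to steer an existing thread, plus links that harvest credentials) lends itself to a few header- and content-level checks that a mail team can run before or alongside a gateway product. What follows is an added example written for this page, not code from GreatHorn, dcvelocity or any product mentioned here. The vendor domains, the organization's own domain, the people and all three messages are constructed; the heuristics (Reply-To domain that differs from From, homoglyph/edit-distance lookalike domains in the sender or in links, payment-change wording inside an existing thread from a known vendor) are illustrative review signals, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Added example, not code from any article or product on this page; every domain,
# person and message below is constructed. Only the checks themselves are the point.
KNOWN_VENDOR_DOMAINS = {"acme-parts.example", "northwind-logistics.example"}
OUR_DOMAIN = "contoso-mfg.example"
TRUSTED = KNOWN_VENDOR_DOMAINS | {OUR_DOMAIN}
# Payment-redirection wording: a review signal inside a known-vendor thread, not proof.
PAYMENT_CHANGE_RE = re.compile(
    r"\b(new|updated|changed)\b.{0,40}\b(bank|account|wire|remit(tance)?|iban|routing)\b",
    re.IGNORECASE | re.DOTALL)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})

def registrable(domain):
    """Last two labels, lower-cased (simplification: ignores public-suffix rules)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def normalise(domain):
    """Fold common substitutions so 'c0ntoso' and 'rnicrosoft'-style spoofs compare equal."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance via the classic dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted):
    """Trusted domain that `domain` impersonates, or None if it is exact or unrelated."""
    if not domain or domain in trusted:
        return None
    n = normalise(domain)
    for t in sorted(trusted):
        if n == normalise(t) or edit_distance(n, normalise(t)) <= 1:
            return t
    return None

def header_domain(msg, header):
    _, addr = parseaddr(msg.get(header) or "")
    return registrable(addr.rsplit("@", 1)[-1]) if "@" in addr else ""

def text_body(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = [p.get_payload(decode=True) or b"" for p in parts if p.get_content_type() == "text/plain"]
    return "\n".join(c.decode("utf-8", "replace") for c in chunks)

def screen_message(raw):
    """Return finding codes for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    from_dom, reply_dom = header_domain(msg, "From"), header_domain(msg, "Reply-To")
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    body, findings = text_body(msg), []
    # 1. Thread pivot: replies silently redirected to a mailbox the attacker controls.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # 2. Sender domain is a near-miss of a vendor or of our own domain.
    hit = lookalike_of(from_dom, TRUSTED)
    if hit:
        findings.append(f"lookalike-sender:{hit}")
    # 3. Links to lookalike hosts: the credential-harvesting step the report describes.
    for url in URL_RE.findall(body):
        host = registrable(urlparse(url).hostname or "")
        if lookalike_of(host, TRUSTED):
            findings.append(f"lookalike-link:{host}")
    # 4. Genuine vendor account, existing thread, new payment instructions: classic VEC.
    if in_thread and from_dom in KNOWN_VENDOR_DOMAINS and PAYMENT_CHANGE_RE.search(body):
        findings.append("payment-change-in-vendor-thread")
    return findings

# Constructed sample messages (hypothetical people, domains and PO numbers).
SAMPLE_VEC = """From: Dana Ortiz <dana.ortiz@acme-parts.example>
Reply-To: Dana Ortiz <dana.ortiz@acme-parts-billing.example>
To: ap@contoso-mfg.example
Subject: Re: PO 44817 invoice
In-Reply-To: <po-44817-003@contoso-mfg.example>

Following up on the thread below. Our bank details have changed, please
remit this invoice to the updated account on the attached letter.
"""
SAMPLE_PHISH = """From: IT Helpdesk <helpdesk@c0ntoso-mfg.example>
To: ap@contoso-mfg.example
Subject: Mailbox quota exceeded

Your mailbox is full. Sign in at https://sso.c0ntoso-mfg.example/login to keep receiving supplier invoices.
"""
SAMPLE_BENIGN = """From: Dana Ortiz <dana.ortiz@acme-parts.example>
To: ap@contoso-mfg.example
Subject: Re: PO 44817 invoice
In-Reply-To: <po-44817-003@contoso-mfg.example>

Invoice attached as agreed; a portal copy is at https://portal.acme-parts.example/invoices/44817
"""
```

Calling `screen_message(SAMPLE_VEC)` flags the Reply-To pivot and the payment change inside the thread, `screen_message(SAMPLE_PHISH)` flags the lookalike sender and the lookalike login link, and the benign vendor reply produces no findings. Two caveats matter in practice: a VEC message sent from the real compromised mailbox with no Reply-To trick passes checks 1 to 3 and is caught only by the content heuristic, which is why out-of-band verification of any payment-detail change remains the control that actually stops the fraud; and the two-label `registrable()` shortcut and the distance-1 threshold both produce false positives on short or country-code domains, so a deployment would swap in a public-suffix list and tune the threshold against its own mail.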
Economy | Supply & Demand Chain Executive

Discover Insights into Supply Chain Visibility with Top Execs

Supply chains are only as strong as their weakest link. That’s why it’s pertinent today’s companies are able to see, measure and improve what’s happening across the supply chain. Hear from industry experts from iTradeNetwork, Avetta and Plex on the importance of end-to-end supply chain visibility and how to achieve...
Career Development & Advice | ThomasNet Industrial News Room

Shifting the Public Perception of Supply Chain Careers

Welcome to Thomas Insights — every day, we publish the latest news and analysis to keep our readers up to date on what’s happening in industry. Sign up here to get the day’s top stories delivered straight to your inbox. Supply chain careers are not typically lauded the “sexiest jobs...
Computer Science | missouri.edu

Using blockchain to streamline supply chains

New research focuses on using cloud-based technology and decentralization to ensure a secure and trustworthy process. A University of Missouri College of Engineering researcher is part of team proposing a new way to use blockchain technology to streamline supply chains. Blockchain is a decentralized database that allows multiple stakeholders to...
Technology | securityboulevard.com

Spyware: What It Is, How It Works, and How to Prevent It

You might feel safe while using your phone or laptop packed with all the latest security features. However, it might not be entirely true sometimes. There may be something in your machine that tracks you all the time without you knowing. That culprit could be spyware. Spyware is software that...
Public Safety | securityboulevard.com

Why supply chains are so vulnerable to hacks

When it comes to supply chain hacks, it’s not a matter of if, it’s a matter of when your organization will be hacked. Attacks on critical infrastructure and systems are on the rise, and with hackers gaining skill and in some cases getting paid out through ransomware attacks, that trajectory is only headed upwards.
Computers | helpnetsecurity.com

The destructive power of supply chain attacks and how to secure your code

In this Help Net Security podcast, Tomislav Peričin, Chief Software Architect at ReversingLabs, explains the latest and most destructive supply chain attacks, their techniques and how to build more secure apps. Here’s a transcript of the podcast for your convenience. Jasmine: I’m here today with Tomislav Peričin, Chief Software Architect...
securityboulevard.com

Managing Entitlements and Access in the Cloud is a Leading Security Risk

Public cloud environments offer a flexible way for organizations to provision resources, spin up containers based on ever-changing requirements, and more. Public cloud deployments can quickly turn into a complicated highway of interconnected machines, users, applications, services, containers and microservices. The huge undertaking of keeping track, evaluating risks and defining...
Public Safety | securityboulevard.com

‘DeadRinger’ Reveals Pervasive Cyber Espionage Campaign

In the summer of 2019, our researchers discovered a massive malicious campaign against telecommunications providers that we dubbed Operation Soft Cell. This week, our researchers revealed details of more pervasive attacks against telecommunications providers. The DeadRinger report describes a cyber espionage campaign out of China targeting providers in Southeast Asia.

