software supply chain risk Archives

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

A flock of ostriches (or is it a troop?)

WordPress Plugin Supply Chain Attack Gets Worse

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...

Security Boulevard

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...

Security Boulevard

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...

Security Boulevard

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...

Security Boulevard

A tailor’s dummy hand is separated from its arm

Broken ARM: Mali Malware Pwns Phones

Richi Jennings | October 3, 2023 | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks

Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...

Security Boulevard

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...

Security Boulevard

Security Teams Need to Address One of the Biggest Software Supply Chain Risks: Open Source

rezilion | July 17, 2023 | open source, open source risk, Open Source Security, open source vulnerabilities, rsa, software supply chain, software supply chain risk, Uncategorized

One of the biggest threats to software supply chain security is open source software applications and components. Many enterprises and small businesses have come to rely on open source solutions, and they ...

Rezilion

The number of Fortinet instances exposed to the internet, as determined by a Shodan search, currently stands at a significant 648,983.

Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability

Yotam Perkal | June 16, 2023 | Critical Vulnerabilities, Fortinet, software supply chain attacks, software supply chain risk, Uncategorized, Vulnerability Management, zero-day

According to Fortinet, 110 vulnerabilities affecting Fortinet software were announced since the beginning of 2023. On June 8th, security fixes were released in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 ...

Rezilion

The Biggest Risks to the Software Supply Chain

Esther Shein | June 12, 2023 | Application Security, software supply chain, software supply chain attacks, software supply chain risk, Uncategorized

Software supply chain risks is an increasingly hot topic because attention to the supply chain has grown in recent years. Its importance has naturally attracted the attention of hackers, so protecting the ...

Rezilion