software supply chain risk
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Broken ARM: Mali Malware Pwns Phones
Richi Jennings | | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Security Boulevard
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
Security Teams Need to Address One of the Biggest Software Supply Chain Risks: Open Source
rezilion | | open source, open source risk, Open Source Security, open source vulnerabilities, rsa, software supply chain, software supply chain risk, Uncategorized
One of the biggest threats to software supply chain security is open source software applications and components. Many enterprises and small businesses have come to rely on open source solutions, and they ...
Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability
Yotam Perkal | | Critical Vulnerabilities, Fortinet, software supply chain attacks, software supply chain risk, Uncategorized, Vulnerability Management, zero-day
According to Fortinet, 110 vulnerabilities affecting Fortinet software were announced since the beginning of 2023. On June 8th, security fixes were released in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 ...
The Biggest Risks to the Software Supply Chain
Esther Shein | | Application Security, software supply chain, software supply chain attacks, software supply chain risk, Uncategorized
Software supply chain risks is an increasingly hot topic because attention to the supply chain has grown in recent years. Its importance has naturally attracted the attention of hackers, so protecting the ...
The Cyber Resilience Imperative for Software Supply Chain Security
Esther Shein | | Application Security, cyber resilience, software supply chain risk, software supply chain security, Supply Chain Risk, Uncategorized, Vulnerability Management
The concepts of cyber resilience and software supply chain security go hand in hand. It’s heartening that many organizations now recognize the cybersecurity landscape continues to evolve and grow more sophisticated and ...
How Software Supply Chain Vulnerabilities Lead to Attacks
rezilion | | software supply chain attacks, software supply chain risk, Supply Chain Risk, Uncategorized, Vulnerability Management
By Esther Shein Software supply chain attacks are increasingly gaining attention. Why? Software developers today have grown increasingly reliant on vendors, suppliers, and partners, so the software supply chain has become a ...
What’s The Difference Between Software Supply Chain Security vs SCA?
rezilion | | SCA, Software Composition Analysis, software supply chain, software supply chain attacks, software supply chain risk, software supply chain security, Uncategorized
Protecting the software supply chain is now a major organizational priority. Two weapons in the arsenal to help protect against data breaches and digital attacks are software supply chain security and software composition ...