Hot Topics

supply chain

Backdoor in XZ Utils That Almost Happened

| | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
Schneier on Security
A fork, wrapped in delicious pasta

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

| | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard

Eclypsium and Second Front Announce Partnership to Enhance Security in the Digital Supply Chain of the Department of Defense

| | DoD, Press Release, security assurance, supply chain
Portland, OR – February 27, 2024 – Eclypsium, the leader in digital supply chain security for enterprise hardware, firmware and software infrastructure, and Second Front Systems (2F), whose mission is to accelerate ...
Eclypsium | Supply Chain Security for the Modern Enterprise
supply chain software

Malicious Packages in npm, PyPI Highlight Supply Chain Threat

| | cyberattacks, npm security, PyPI, PyPI malicious packages, software supply chain attack, supply chain
Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks ...
Security Boulevard
AI code fixing

Report: Cyberattacks Against Software Supply Chains Become More Targeted

| | malicious packages, Phylum, Software Security, supply chain
Phylum found an increase in the discovery of malicious packages targeting the software supply chains of specific organizations ...
Security Boulevard

Enhancing trust for SGX enclaves

| | confidential computing, Ecosystem Security, open source, supply chain
By Artur Cygan Creating reproducible builds for SGX enclaves used in privacy-oriented deployments is a difficult task that lacks a convenient and robust solution. We propose using Nix to achieve reproducible and ...
Trail of Bits Blog

Celebrating our 2023 open-source contributions

| | blockchain, cryptography, Ecosystem Security, machine learning, open source, osquery, supply chain
At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about ...
Trail of Bits Blog

Supply Chain Attack Methodologies – It’s the Installer Now

| | Java, Java developers, SecureChain for Java, supply chain, Supply Chain Attack Methodologies
”Supply chain attack” encompasses many different forms of attacks and exploits Yet another type was recently uncovered – malicious behavior in properly signed installers While this particular case was not Java specific, ...
TuxCare

Internet freedom with the Open Technology Fund

| | audits, Dynamic Analysis, Ecosystem Security, Engineering Practice, open source, supply chain, Uncategorized
By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...
Trail of Bits Blog
supply chain, SBOM, cybersecurity, SLSA organizations third party attacks supply chain supply chain ransomware The Kill Chain Model

The Role of XBOMs in Supporting Cybersecurity

| | bill of materials, BOM, Cybersecurity, SBOM, supply chain, XBOM
SBOMs aren’t the only bills of materials that are necessary for the protection of your tech stack. XBOMs are growing in importance ...
Security Boulevard
Load more