supply chain
Backdoor in XZ Utils That Almost Happened
Bruce Schneier | | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Eclypsium and Second Front Announce Partnership to Enhance Security in the Digital Supply Chain of the Department of Defense
Portland, OR – February 27, 2024 – Eclypsium, the leader in digital supply chain security for enterprise hardware, firmware and software infrastructure, and Second Front Systems (2F), whose mission is to accelerate ...
Malicious Packages in npm, PyPI Highlight Supply Chain Threat
Jeffrey Burt | | cyberattacks, npm security, PyPI, PyPI malicious packages, software supply chain attack, supply chain
Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks ...
Security Boulevard
Report: Cyberattacks Against Software Supply Chains Become More Targeted
Phylum found an increase in the discovery of malicious packages targeting the software supply chains of specific organizations ...
Security Boulevard
Enhancing trust for SGX enclaves
By Artur Cygan. Creating reproducible builds for SGX enclaves used in privacy-oriented deployments is a difficult task that lacks a convenient and robust solution. We propose using Nix to achieve reproducible and ...
Celebrating our 2023 open-source contributions
Trail of Bits | | blockchain, cryptography, Ecosystem Security, machine learning, open source, osquery, supply chain
At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about ...
Supply Chain Attack Methodologies – It’s the Installer Now
Joao Correia | | Java, Java developers, SecureChain for Java, supply chain, Supply Chain Attack Methodologies
“Supply chain attack” encompasses many different forms of attacks and exploits. Yet another type was recently uncovered – malicious behavior in properly signed installers. While this particular case was not Java specific, ...
Internet freedom with the Open Technology Fund
Trail of Bits | | audits, Dynamic Analysis, Ecosystem Security, Engineering Practice, open source, supply chain, Uncategorized
By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith. Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...
The Role of XBOMs in Supporting Cybersecurity
SBOMs aren’t the only bills of materials that are necessary for the protection of your tech stack. XBOMs are growing in importance ...
Security Boulevard