supply chain
“Everything” and the Node.js kitchen sink too
*The Supply Chain is vulnerable at all levels, from the code to the distribution *Node.js repository was effectively locked after a developer uploaded a malicious package It’s often hard to differentiate between ...
Exploring EMBA: Unraveling Firmware Security with Confidence
Firmware security analysis is a critical aspect of modern cybersecurity. As our devices become more interconnected and reliant on firmware, understanding the vulnerabilities in this often overlooked layer of software is paramount ...
How CISA can improve OSS security
By Jim Miller The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed ...
SolarWinds Swings Back at SEC Following Fraud Charges
Executives at SolarWinds are pushing back at the lawsuit filed this week by the Securities and Exchange Commission against the company and its top security official in connection with the high-profile cyberattack, ...
Supply Chain Attacks – Risk Perception vs Reality
Supply chain attacks have surged in recent years, gradually becoming a formidable threat in the cybersecurity landscape. Yet, despite their growing prevalence, there seems to be a disconnection between the perception and ...
Eclypsium Named Most Innovative Software Supply Chain Security Company in Coveted Top InfoSec Innovator Awards for 2023
Portland, OR – Oct. 27, 2023 – Eclypsium®, the digital supply chain security company protecting critical hardware, firmware, and software in enterprise IT infrastructure, today announced that Cyber Defense Magazine (CDM), the ...
Biggest GitHub code security threats | Software Supply Chain Security | Contrast Security
GitHub is the Megladon of source code hosts, and as such, it sports a gargantuan bulls-eye that flashes neon to hackers looking to poison the software supply chain. ...
The Secure Java Developer’s Toolkit
Java remains one of the most popular and widely-used programming languages. It’s not just about writing and running Java programs, though. A typical Java developer working in Linux has an entire ecosystem ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/29
Insight #1 For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing ...
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More
Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how ...
