Search results for: supply chain compromise

ENISA

Supply chain attacks expected to multiply by 4 in 2021

Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack technique that attackers resort to in 62% of attacks. According to the ENISA report which analysed 24 recent attacks, strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers. This is evidenced … More

zero

The importance of compute lifecycle assurance in a zero-trust world

With the proliferation of attack surfaces in IoT, the increase in firmware-based attacks on hardware, and growing threats to systems throughout their lifecycle, companies are beginning to embrace the new model of zero trust for systems. Compute lifecycle assurance For the last decade, it’s been common practice for IT to require end users to authenticate themselves before they are granted access to the system or network. But in a zero-trust world, this requirement extends beyond … More

red

Where does the SME fit into a supply chain attack?

“No business is an island, entire of itself” (with apologies to John Donne). Businesses have connections to other businesses, who supply them with goods, and whom they supply with goods – both parts and software. These connections are known as the supply chain. It can be long and convoluted and has become a favoured attack vector for cybercriminals. In many cases, a company has its own supply chain while simultaneously being part of the supply … More

cloud complexity

Government IT decision makers worried about security risks related to cloud migration

Nearly 70% of U.S. government IT decision makers surveyed view security risks as the top barrier when migrating to modern cloud platforms, a Morning Consult survey reveals. Of those surveyed, security also now outweighs reducing costs by almost double as the reason to modernize IT infrastructures. Recent cybersecurity threats including SolarWinds, one of the largest supply chain attacks in recent history, and the Kaseya cyberattack impacting 1,500 global organizations, have put a spotlight on current … More

zero

Manufacturers turning to zero trust to better secure their networks

In response to the 62% global increase in ransomware since 2019 (158% increase in North America) and over 40% of manufacturing firms suffering a cyberattack last year, Onclave Networks recommends manufacturers adopt zero trust architecture and security guidelines as supported by the NSA, the Biden Administration executive order 14028 and NIST SP 800-207 Cybersecurity Framework. Over the last several years, manufacturing has gone through an information technology (IT) and operational technology (OT) convergence. The integration … More

Code

Who is responsible for improving security in the software development environment?

Venafi announced the findings of a global survey that evaluates the impact of software supply chain attacks like SolarWinds/SUNBURST, CodeCov and Kaseya/REvil on how development organizations are changing their approach to securing software build and delivery environments. The survey evaluated the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries. Misalignemnt between security and development teams According to the survey, respondents nearly unanimously agree (97%) that the … More

Bitdefender launches XEDR solution to improve security efficacy against cyberattacks

Bitdefender unveiled the next evolution of Endpoint Detection and Response solutions – eXtended EDR (XEDR) with the addition of analytics and cross-endpoint security event correlation to Bitdefender Endpoint Detection and Response (EDR) and GravityZone Ultra, the company’s unified endpoint prevention, detection and response and risk analytics platform. These new capabilities increase security efficacy for identifying and stopping the spread of ransomware attacks, advanced persistent threats (APTs) and other sophisticated attacks before they impact business operations. … More

SolarWinds

SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)

SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers,” the company shared. Microsoft has also shared … More

threat modeling

79% of organizations identify threat modeling as a top priority in 2021

Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Individuals directly involved in threat modeling efforts within their organizations provided insights on their companies’ approach as well as gaps and vulnerabilities. The … More

target

IT, healthcare and manufacturing top targets for cyberattacks

Avanan announced the release of a report which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top targets for cyberattacks in the first half of the year. “With hospitals around the world being hit with ransomware attacks and manufacturers experiencing supply chain disruption due to cyberattacks, the Avanan research shows that hackers are using one of the most basic tactics to get in ‒ phishing attacks,” … More

week in review

Week in review: How to improve your AD security posture, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles: July 2021 Patch Tuesday forecast: Don’t wait for Patch Tuesday There’s been lots of excitement around the recently announced print spooler vulnerability CVE-2021-34527, commonly referred to as PrintNightmare. The excitement stems from the fact that this vulnerability has a CVSS score of 8.8, is present in ALL Windows operating systems, has been publicly disclosed with known exploits, and allows an attacker to … More

lock

How can a business ensure the security of their supply chain?

Since the SolarWinds’ supply chain attack, there has been an increased focus on how organizations of all sizes ensure the security of their suppliers. Large and small organizations alike have been victims of supply chain attacks. Even with government resources and funding, the U.S. Treasury and Department of Homeland Security not only have yet to solve the problem – they were affected in the SolarWinds’ attack. The reality is that supply chain attacks are not … More