Search results for: supply chain compromise

Crosspoint invests in ReversingLabs to scale its sales and marketing efforts

Crosspoint Capital Partners announced that it led a Series B investment in ReversingLabs (the “Company”), a provider of technology to protect software producers and enterprise software buyers against the threat of software supply chain attacks. Joining Crosspoint is existing investor ForgePoint Capital along with new investor Prelude, a Mercato Partners fund. Terms were not disclosed. With the rise in sophisticated software supply chain cyberattacks such as implants, ReversingLabs offers the ability to assess the integrity … More


The destructive power of supply chain attacks and how to secure your code

In this Help Net Security podcast, Tomislav Peričin, Chief Software Architect at ReversingLabs, explains the latest and most destructive supply chain attacks, their techniques and how to build more secure apps. Here’s a transcript of the podcast for your convenience. Jasmine: I’m here today with Tomislav Peričin, Chief Software Architect with ReversingLabs, talking about the hot topic of supply chain attacks. So, Tomislav, the media is all the buzz about Kaseya and SolarWinds and labeled … More


Supply chain attacks expected to multiply by 4 in 2021

Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack technique that attackers resort to in 62% of attacks. According to the ENISA report which analysed 24 recent attacks, strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers. This is evidenced … More


The importance of compute lifecycle assurance in a zero-trust world

With the proliferation of attack surfaces in IoT, the increase in firmware-based attacks on hardware, and growing threats to systems throughout their lifecycle, companies are beginning to embrace the new model of zero trust for systems. Compute lifecycle assurance For the last decade, it’s been common practice for IT to require end users to authenticate themselves before they are granted access to the system or network. But in a zero-trust world, this requirement extends beyond … More


Where does the SME fit into a supply chain attack?

“No business is an island, entire of itself” (with apologies to John Donne). Businesses have connections to other businesses, who supply them with goods, and whom they supply with goods – both parts and software. These connections are known as the supply chain. It can be long and convoluted and has become a favoured attack vector for cybercriminals. In many cases, a company has its own supply chain while simultaneously being part of the supply … More


Government IT decision makers worried about security risks related to cloud migration

Nearly 70% of U.S. government IT decision makers surveyed view security risks as the top barrier when migrating to modern cloud platforms, a Morning Consult survey reveals. Of those surveyed, security also now outweighs reducing costs by almost double as the reason to modernize IT infrastructures. Recent cybersecurity threats including SolarWinds, one of the largest supply chain attacks in recent history, and the Kaseya cyberattack impacting 1,500 global organizations, have put a spotlight on current … More


Manufacturers turning to zero trust to better secure their networks

In response to the 62% global increase in ransomware since 2019 (158% increase in North America) and over 40% of manufacturing firms suffering a cyberattack last year, Onclave Networks recommends manufacturers adopt zero trust architecture and security guidelines as supported by the NSA, the Biden Administration executive order 14028 and NIST SP 800-207 Cybersecurity Framework. Over the last several years, manufacturing has gone through an information technology (IT) and operational technology (OT) convergence. The integration … More


Who is responsible for improving security in the software development environment?

Venafi announced the findings of a global survey that evaluates the impact of software supply chain attacks like SolarWinds/SUNBURST, CodeCov and Kaseya/REvil on how development organizations are changing their approach to securing software build and delivery environments. The survey evaluated the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries. Misalignment between security and development teams According to the survey, respondents nearly unanimously agree (97%) that the … More

Bitdefender launches XEDR solution to improve security efficacy against cyberattacks

Bitdefender unveiled the next evolution of Endpoint Detection and Response solutions – eXtended EDR (XEDR) with the addition of analytics and cross-endpoint security event correlation to Bitdefender Endpoint Detection and Response (EDR) and GravityZone Ultra, the company’s unified endpoint prevention, detection and response and risk analytics platform. These new capabilities increase security efficacy for identifying and stopping the spread of ransomware attacks, advanced persistent threats (APTs) and other sophisticated attacks before they impact business operations. … More


SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)

SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being exploited in the wild. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability. SolarWinds is unaware of the identity of the potentially affected customers,” the company shared. Microsoft has also shared … More


79% of organizations identify threat modeling as a top priority in 2021

Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Individuals directly involved in threat modeling efforts within their organizations provided insights on their companies’ approach as well as gaps and vulnerabilities. The … More


IT, healthcare and manufacturing top targets for cyberattacks

Avanan announced the release of a report which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top targets for cyberattacks in the first half of the year. “With hospitals around the world being hit with ransomware attacks and manufacturers experiencing supply chain disruption due to cyberattacks, the Avanan research shows that hackers are using one of the most basic tactics to get in ‒ phishing attacks,” … More