Search results for: supply chain compromise

week in review

Week in review: How to improve your AD security posture, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles: July 2021 Patch Tuesday forecast: Don’t wait for Patch Tuesday There’s been lots of excitement around the recently announced print spooler vulnerability CVE-2021-34527, commonly referred to as PrintNightmare. The excitement stems from the fact that this vulnerability has a CVSS score of 8.8, is present in ALL Windows operating systems, has been publicly disclosed with known exploits, and allows an attacker to … More

lock

How can a business ensure the security of their supply chain?

Since the SolarWinds’ supply chain attack, there has been an increased focus on how organizations of all sizes ensure the security of their suppliers. Large and small organizations alike have been victims of supply chain attacks. Even with government resources and funding, the U.S. Treasury and Department of Homeland Security not only have yet to solve the problem – they were affected in the SolarWinds’ attack. The reality is that supply chain attacks are not … More

ransomware

Navigating the complexity of ransomware negotiations

Most ransomware attacks are opportunistic, and at the end of the day, cybercriminals do not discriminate. Nobody plans to fall victim, but the fact is any company with an internet presence, regardless of size, is at risk. These incidents cause significant disruptions to companies’ ongoing operations, which can be greatly detrimental, especially to those in manufacturing, energy, and healthcare sectors. Left to the attacker’s discretion, companies can feel lost trying to piece together this high-stakes … More

container

It takes less than one hour to exploit vulnerable container infrastructure

Aqua Security published a research revealing a continued rise in cyberattacks targeting container infrastructure and supply chains, and showing that it can now take less than one hour to exploit vulnerable container infrastructure. The report provides a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticated attacks. “The threat landscape has morphed as malicious adversaries extend their arsenals with new and advanced techniques to avoid detection,” said Assaf Morag, Lead … More

Broken glass

Defense supply chain vulnerabilities creating security gaps

A BlueVoyant report highlights critical vulnerabilities within the defense supply chain ecosystem. The report includes evidence of the exploitable cyber weaknesses of SMBs within the Defense Industrial Base (DIB) and demonstrates how cybercriminals are becoming increasingly adept at locating and exploiting the weakest link within the supply chain. As part of its assessment of the scale of the problem for SMB defense companies, the security of 300 subcontractor firms was examined within the DIB using … More

numbers

Are your cryptographic keys truly safe? Root of Trust redefined for the cloud era

In the digital world, cryptographic solutions use encryption keys to secure data at rest, data in use, and data in transit. They are responsible for encrypting and decrypting the data, validating identities by authenticating users and devices, and securing transactions with digital signatures and certificates. Beneath the complex world of encryption use cases and algorithms lies a simple, fundamental principle: the encryption keys must remain a secret. As soon as an encryption key becomes known, … More

Sequitur Labs EmPOWER Service secures lifecycle management of IoT devices

Sequitur Labs introduced its EmPOWER Service, a new cloud-based offering that securely monitors, manages and updates IoT devices to address technical, IP, supply chain and business-process challenges faced by IoT developers and manufacturers dealing with the acceleration of Artificial Intelligence at the network edge. Sequitur’s EmPOWER Platform introduces Trust-as-a-Service to edge devices. Edge device OEM’s must be assured that security is implemented through a product’s entire value chain – design, manufacturing, and deployment – and … More

risk

Mitigating third-party risks with effective cyber risk management

Third-party engagement has steadily become an essential part of business operations for many organizations, enlisted for all kinds of products and services across nearly all sectors, regardless of size, geographical location or type of industry. But because systems are so interconnected and third parties often hold sensitive information or have access to a partner’s systems, they can also be the weak link in the cybersecurity chain. Third-party cyber risk management Third-party and digital supply chain … More

Proofpoint unveils people-centric innovations across its three platforms

Proofpoint announced several people-centric innovations across its three flagship platforms: Threat Protection, Compliance, and the new Information Protection and Cloud Security. Available now, Proofpoint’s Information Protection and Cloud Security platform is the cloud native solution that combines enterprise data loss prevention (DLP), insider threat management, cloud app security broker (CASB), zero trust network access, remote browser isolation, and a cloud native web security solution. “People are unquestionably the new perimeter—especially as organizations embrace hybrid work … More

COVID-19

Defending the COVID-19 vaccine rollout with best practices from the cybersecurity industry

Over the past year, pharmaceutical companies and healthcare organizations have rushed to develop a COVID-19 vaccine. It is a testament to the innovations of the medical industry that several companies around the globe have succeeded in creating and rolling out highly effective, life-saving vaccines in such a short period of time. However, the extremely high demand for COVID-19 vaccines makes them a tempting target for criminals seeking to make a quick buck. All over the … More

Resecurity enables enterprises to perform digital risk evaluation of third parties

Resecurity has introduced a new feature enabling enterprises, defense, and government agencies to perform digital risk evaluation of third parties, including but not limited to vendors, partners, contractors, and other entities involved in the supply chain ecosystem. This follows U.S. President Joe Biden’s signing of an Executive Order which requires a comprehensive review of systemic supply chain risks in high-priority industries. “Third-parties in the supply chain pose the major cybersecurity threats,” President Biden stated, referring … More

endpoint protection

Endpoint complexities leaving sensitive data at risk

Absolute Software announced key findings from its report which shines a light on key trends affecting enterprise data and device security, and underscores the dangers of compromised security controls in expanding an already wide attack surface for today’s enterprises. Researchers estimate that the number of ransomware attacks grew by more than 150% in 2020, fueled by the global pandemic and the massive disruption to IT and security operations. According to The Coveware Quarterly Ransomware Report, … More