Checkmarx Report Surfaces Software Supply Chain Compromises

A Checkmarx report found 56% of attacks against software supply chains resulted in thefts of credential and confidential data ...
Security Boulevard

Mastering SBOMs: Best practices

In our recent webinar, Mastering SBOMs: Best Practices, speakers, including Ilkka Turunen, Field CTO, Sonatype, Roger Smith, Global Testing and Digital Assurance Lead, DXC Technology, and Marc Luescher, Solution Architect, AWS, shed ...

Alert: NuGet Package SeroXen RAT Threat to .NET Developers

In a recent security issue, a deceptive NuGet package threatens .NET developers with the deployment of the SeroXen RAT, a harmful remote access trojan. Because the .NET framework is no longer limited ...

Software Supply Chain Risks for Low- and No-Code Application Development

Supply chain attacks occur when a third-party vendor or partner with less robust security measures is breached, allowing attackers to indirectly gain access to an organization. This can happen through backdoors planted ...

What is the W4SP Information Stealer?

Since mid-October, W4SP malware has been attacking software supply chains; in this case, it's using Python packages to launch an information stealer.

Keynote: 25 Years in AppSec: Looking Back, Looking Forward - Adam Shostack

OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference Presenters for publishing their well-crafted application security videos on the organization’s YouTube channel.

‘Trojan Source’ Makes Scary Headlines—But it’s Not New

Trojan Source “threatens the security of all code,” screams a widely shared article. Poppycock. There’s nothing new here ...

Consumer Confidence in Data Security Plummets

Organizations’ increasing use of contractors, freelancers and other third-party workers is weakening consumers’ trust in their data security, according to a study by SecZetta. The survey of more than 2,000 U.S. adults ...

What Constitutes a Software Supply Chain Attack?

We are just halfway through 2021, and have already seen an exceptional increase in open source malware and novel supply chain attacks. And, they seem to just keep coming. ...

Kaseya Ransomware: a Software Supply Chain Attack or Not?

Following the 4th of July weekend, our industry finds itself digesting the details of yet another large-scale and high-profile ransomware attack. This time it's the exploitation of Kaseya’s network monitoring and remote ...