Supply chain attack

Sonatype Unveils Full-Spectrum Software Supply Chain Management Platform

Retrieved on: 
Tuesday, March 16, 2021
Software development, Computer security, Agile software development, Software development process, Supply chain attack, Infrastructure as Code, Supply chain management

FULTON, Md., March 16, 2021 (GLOBE NEWSWIRE) -- Sonatype , the leader in developer-friendly tools for software supply chain management and security, today unveiled the next-generation Nexus platform offering customers full-spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code.

Key Points: 
  • FULTON, Md., March 16, 2021 (GLOBE NEWSWIRE) -- Sonatype , the leader in developer-friendly tools for software supply chain management and security, today unveiled the next-generation Nexus platform offering customers full-spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code.
  • As software development teams race forward to deliver new digital innovations, software supply chain management and security has been ushered to center stage, says Wayne Jackson, CEO, Sonatype.
  • Backed by Nexus Intelligence, it also boosts visibility to early-stage software supply chain attacks and alerts development teams to the new adversarial threats.
  • With high profile attacks on software supply chains making headlines the world over, enterprises are moving to harden their development infrastructure against attackers.

Risk of SolarWinds-Style Attacks Through Vendor Email Compromise Increased 82%, Abnormal Threat Research Report Reveals

Retrieved on: 
Wednesday, February 17, 2021
Data management, Security, Technology, Software, Networks, Internet, Computing, Information technology management, Information technology, Computer security, Cyberwarfare, Cybercrime, Cross-platform software, Network management, SolarWinds, Supply chain attack, eMail

Based on an analysis of cyber-attacks on Fortune 1000 companies stopped by Abnormal Security from Q3 2020 to January 2021, the report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era , is the industrys first benchmark of the risk and cost of vendor email compromise attacks.

Key Points: 
  • Based on an analysis of cyber-attacks on Fortune 1000 companies stopped by Abnormal Security from Q3 2020 to January 2021, the report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era , is the industrys first benchmark of the risk and cost of vendor email compromise attacks.
  • The report released today is the latest in a quarterly research series on the state of vendor email compromise, which has focused on supply chain attacks.
  • To download the full Abnormal Security report, The Rising Threat of Vendor Email Compromise in a Post-SolarWinds Era, please visit here .
  • Abnormal Security is a next-generation cloud email security company that protects enterprises from targeted email attacks, account compromise and supply chain compromise.

SecurityWeek to Host Supply Chain Security Summit on March 10, 2021

Retrieved on: 
Thursday, February 11, 2021
Supply chain management, Manufacturing, Online Retail, Other Health, Logistics, Supply chain management, VoIP, Mobile, Wireless, Health, General Health, Transport, Homeland security, Other Technology, Telecommunications, Retail, Software, Networks, Public policy, Government, Internet, Hardware, Data management, Technology, Other Natural Resources, Semiconductor, Other Energy, Security, Natural Resources, Utilities, Satellite, Other Manufacturing, Oil, Gas, Other Defense, Nanotechnology, Defense, Alternative energy, Energy, Information technology management, Computing, Information technology, Cyberwarfare, Computer security, Supply chain management, Cross-platform software, Network management, SolarWinds, Supply chain attack, Supply chain security, Security, Security Summits Virtual Events, SecurityWeek:

SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, will host its 2021 Supply Chain Security Summit as a virtual event on March 10, 2021.

Key Points: 
  • SecurityWeek, a leading provider of cybersecurity news and information to global enterprises, will host its 2021 Supply Chain Security Summit as a virtual event on March 10, 2021.
  • In the wake of the SolarWinds mega-hack that continues to unravel, software supply chain security and fragility is again on the front-burner for enterprise security decision makers.
  • The complexity and opaqueness of the software supply chain has led to nation-state compromises and major worries that were only seeing the tip of the iceberg.
  • Free to attend , this virtual cybersecurity summit will examine the current state of supply chain attacks, the weakest links along the way, the biggest supply chain hacks in history, and best practices for managing this massive attack surface.

Center for Internet Security (CIS) Releases New Elections Technology Cybersecurity Supply Chain Guide

Retrieved on: 
Thursday, February 11, 2021
Supply chain management, Computing, Articles, Information technology management, Cyberwarfare, Computer security, Computer network security, Supply chain attack, Supply chain risk management, Risk management, Center for Internet Security, SolarWinds

EAST GREENBUSH, N.Y., Feb. 11, 2021 /PRNewswire/ --The Center for Internet Security, Inc. (CIS) released Managing Cybersecurity Supply Chain Risks in Election Technology: A Guide for Election Technology Providers today in response to a need identified by the broader election community.

Key Points: 
  • EAST GREENBUSH, N.Y., Feb. 11, 2021 /PRNewswire/ --The Center for Internet Security, Inc. (CIS) released Managing Cybersecurity Supply Chain Risks in Election Technology: A Guide for Election Technology Providers today in response to a need identified by the broader election community.
  • The guide focuses on the cybersecurity risks involving hardware, firmware, and software that are in the election technology supply chain.
  • Managing Cybersecurity Supply Chain Risks in Election Technology also includes a non-technical overview of cybersecurity supply chain risk management, and describes a 5-step process for identifying and managing suppliers based on a prioritization of risk to election technology products and services:
    Identify and document supply chain, including asset identification
    Just prior to this guide being finalized, the world learned of the SolarWinds supply chain attack.
  • You can find Managing Cybersecurity Supply Chain Risks in Election Technology: A Guide for Election Technology Providers and more Election Security Best Practices Resources on the CIS website: https://www.cisecurity.org/elections-resources/ .

OMNIQ Announces Partnership with Check Point Software Technologies on “ZoneAlarm” Cyber Security Solution

Retrieved on: 
Tuesday, December 29, 2020
Computing, Software, Cybercrime, Computer network security, Computer security, Antivirus software, Check Point, Server appliance, ZoneAlarm, Supply chain attack

SALT LAKE CITY, Dec. 29, 2020 (GLOBE NEWSWIRE) -- OMNIQ Corp. (OTCQB: OMQS) (OMNIQ or the Company), a provider of Supply Chain and Artificial Intelligence (AI)-based solutions, today announced a partnership with Check Point Software Technologies Ltd. (Nasdaq: CHKP) (Check Point), a leading provider of cyber security solutions globally, to offer Check Points ZoneAlarm security software in tandem with OMNIQs supply chain mobility solutions for its multi-industry customer base, including Fortune 500 companies.

Key Points: 
  • SALT LAKE CITY, Dec. 29, 2020 (GLOBE NEWSWIRE) -- OMNIQ Corp. (OTCQB: OMQS) (OMNIQ or the Company), a provider of Supply Chain and Artificial Intelligence (AI)-based solutions, today announced a partnership with Check Point Software Technologies Ltd. (Nasdaq: CHKP) (Check Point), a leading provider of cyber security solutions globally, to offer Check Points ZoneAlarm security software in tandem with OMNIQs supply chain mobility solutions for its multi-industry customer base, including Fortune 500 companies.
  • Check Point is the largest pure-play cyber security vendor globally and provides leading-edge solutions to protect cloud, network and mobile device-held information of government and corporate enterprise customers from all types of cyber threats.
  • We are delighted to join forces with OMNIQ and provide data security to their strong customer base, said Dror Levy, Head of Consumer Sales at Check Point.
  • We are honored to partner with Check Point, the world leader in cyber security, in offering vital data security features to our existing Fortune 500 customers, as well as to new customers who are interested in our state-of-the-art mobile supply chain equipment now featuring the leading cyber security solution, said Shai Lustgarten, CEO of OMNIQ.

Safe-T Offers Free Review of Organizations’ Networks and Attack Footprint in Face of Recent SolarWinds Supply Chain Attacks

Retrieved on: 
Monday, December 28, 2020
Information technology management, Computing, Computer networking, Cross-platform software, Network management, SolarWinds, System administration, Supply chain attack, Multi-factor authentication, International Multilateral Partnership Against Cyber Threats

Safe-T's ZoneZero Multi-Factor Authentication (MFA) solution is designed to add the core component of a strong identity and access management policy to any corporate resource and secure organizations against supply chain attacks, including the recent attacks.

Key Points: 
  • Safe-T's ZoneZero Multi-Factor Authentication (MFA) solution is designed to add the core component of a strong identity and access management policy to any corporate resource and secure organizations against supply chain attacks, including the recent attacks.
  • Recently, it was reported that a threat-actor managed to infiltrate a large number of organizations, including several U.S. government agencies.
  • Based on SolarWinds data, 33,000 organizations use Orions software, and 18,000 were directly impacted by this malicious update.
  • Safe-Ts wide range of access solutions reduce organizations attack surface and improve their ability to defend against modern cyberthreats.

Zscaler Launches Security Assessment Program for Organizations Navigating SolarWinds Cyberattack

Computing, Cyberwarfare, Content-control software, Zscaler, Cryptography, Information governance, Jay Chaudhry, Computer security, Supply chain attack

SAN JOSE, Calif., Dec. 23, 2020 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced a security assessment program designed to help organizations assess the SolarWinds supply-chain attack, analyze potential impact on their organization, and inform adherence to Zscalers recommended best practices.

Key Points: 
  • SAN JOSE, Calif., Dec. 23, 2020 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced a security assessment program designed to help organizations assess the SolarWinds supply-chain attack, analyze potential impact on their organization, and inform adherence to Zscalers recommended best practices.
  • The Zscaler Security Assessment is designed to help organizations gain immediate visibility into their security posture and provide expert guidance and hands-on support to protect their enterprise.
  • It highlights that as organizations embrace digital transformation, they have increased exposure to risk if they rely on traditional approaches to security, said Jay Chaudhry, CEO, Chairman, and Founder, Zscaler.
  • The Zscaler Security Assessment Program brings together security experts to educate organizations on the attack, guide them through Zscalers recommended best practices, and offer hands-on expertise to implement best practices.

BlueVoyant Research Reveals That 92% of US Organizations Have Experienced a Breach Because of Weaknesses in Their Supply Chain

Retrieved on: 
Wednesday, September 23, 2020
Articles, Academic disciplines, Cybercrime, Cyberwarfare, Data security, Computer network security, Computer security, Malware, Risk management, Supply chain attack

The study reveals that 92% of US organizations surveyed had experienced a cybersecurity breach that originated from vulnerabilities in their vendor ecosystem in the past 12 months.

Key Points: 
  • The study reveals that 92% of US organizations surveyed had experienced a cybersecurity breach that originated from vulnerabilities in their vendor ecosystem in the past 12 months.
  • Just under one third (31%) monitor their entire supply chain, which means that 69% do not have full visibility.
  • 86% say that budget for third-party cyber risk management is increasing, by an average figure of 45%.
  • The full US BlueVoyant research report: "Global Insights: Supply Chain Cyber Risk Managing Cyber Risk Across the Extended Vendor Ecosystem" is available here .

BlueVoyant research reveals that more than a third of UK organisations have no way of knowing if a cyber risk emerges in their supply chain

Retrieved on: 
Wednesday, September 23, 2020
Articles, Academic disciplines, Computer security, Actuarial science, Project management, Risk management, Security, Supply chain, Supply chain attack

Other key UK findings include:

Key Points: 
  • Other key UK findings include:
    34% say they have no way of knowing if cyber risk emerges in a third-party vendor, this was the highest out of all five countries surveyed.
  • Just over one fifth (22%) monitor their entire supply chain which means that 78% do not have full visibility.
  • 87% say that budget for third-party cyber risk management is increasing, by an average figure of 45%.
  • The full UK BlueVoyant research report: "Global Insights: Supply Chain Cyber Risk Managing Cyber Risk Across the Extended Vendor Ecosystem" is available here .

Sonatype’s 2020 State of the Software Supply Chain Report finds 430% Increase in Next Generation Open Source Cyber Attacks

Retrieved on: 
Wednesday, August 12, 2020
Computer security, Supply chain management, Agile software development, Software development process, DevOps, Information technology management, Equifax, Supply chain attack, Computing, Cyberattack, Supply chain, Management

Fulton, Md., Aug. 12, 2020 (GLOBE NEWSWIRE) -- Sonatype , the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report .

Key Points: 
  • Fulton, Md., Aug. 12, 2020 (GLOBE NEWSWIRE) -- Sonatype , the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report .
  • This years report found a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains.
  • According to the report, 929 next generation software supply chain attacks were recorded from July 2019 through May 2020.
  • Following the notorious Equifax breach of 2017, enterprises significantly ramped investments to prevent similar attacks on open source software supply chains, said Wayne Jackson CEO at Sonatype.