Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
The post Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets appeared first on SecurityWeek.
CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security.
The post US Government Issues Guidance on SBOM Consumption appeared first on SecurityWeek.
UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks.
The post Risk Ledger Raises £6.25 Million for Supply Chain Security Solution appeared first on SecurityWeek.
Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks.
The post North Korean Hackers Exploiting Recent TeamCity Vulnerability appeared first on SecurityWeek.
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek.
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared first on SecurityWeek.
HashiCorp acquires BluBracket secrets-scanning technology to help businesses block accidental leaks and fight secret sprawl.
The post HashiCorp Buys BluBracket for Secrets Scanning Tech appeared first on SecurityWeek.
The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector.
The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first on SecurityWeek.
3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm.
The post Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App appeared first on SecurityWeek.
3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers.
The post Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers appeared first on SecurityWeek.
Impostazioni privacy
Questo sito utilizza i cookie per migliorare la tua esperienza di navigazione su questo sito.
