An exploit could lead to remote shutdown of security systems: who is responsible?
A security systems app appears to have leaked highly sensitive data. MASmobile Classic, intended for alarm systems installers to look up customer data, could unintentionally send codes to disable security systems online to malicious people.
This is according to research by the Dutch station BNR....
Supply chain risks are becoming an ever larger problem for businesses
The increasing complexity of IT environments is leading to more hidden cyber threats. The risk of cyberattacks and data breaches through the software supply chain is hard to ward off, according to research by JFrog.
To point out how cluttered corporate IT infrastructures can be today, JFrog cite...
Vulnerabilities go unnoticed by users of open-source software far too often
Every year, Sonatype takes a good look at the software supply chain. In this year's State of the Software Supply Chain report, researchers report that many more malicious packages have been discovered than before. At the same time, a version with a fix is almost always available. Sonatype also foun...
Tidelift shields organizations from the risks of open source
Tidelift has added new capabilities to its Tidelift Subscription. The newly expanded package allows organizations to assess the security of open-source software. Thanks to thousands of collaborations with open-source projects, the company contributes to the reliability of IT environments.
Tideli...
CNCF’s Notary and Notation get first full release
The Cloud Native Computing Foundation's (CNCF) Notary Project and Notation Project standardization projects for supply chain security have received a major update with version 1.0.0, marking their first full release.
The Notary Project and its derivative Notation are two development projects fo...
EU will expand its cooperation with Japan on chip supply
The European Union is seeking to reduce its reliance on China for semiconductors. It hopes to find a suitable partner in Japan and is rolling out plans to boost cooperation.
This week the European Union announced that it will deepen its ties with Japan on semiconductors. Thierry Breton, the...
OpenSSF strengthens supply chain security with SLSA 1.0
SLSA 1.0 is intended to provide a standard language for software supply chain security. The project is at an important milestone in software development security with its first stable version, according to OpenSSF.
The Open Source Security Foundation (OpenSSF) was launched in 2020 by the Linux F...
Nearly all companies have misconfigurations in cloud environments
Nearly all organizations (98.6 percent) are experiencing worrisome misconfigurations that pose significant risks to data and infrastructure.
According to research by Zscaler, the increasing use of cloud technology is leading to more and more vulnerability problems. In the study, Zscaler finds th...
Sigstore launches free software signing service
The open-source technology allows users to verify the reliability of software components. Sigstore is used by the developers of giant projects like Kubernetes and Python. The free technology was recently made generally available.
Software supply chain security is a growing problem. Vulnerabilit...
‘SSO credentials of the world’s largest organizations are for sale’
The login credentials of 25 percent of the 500 largest US organizations are for sale on the dark web, according to researchers from BitSight Technologies.
Single sign-on (SSO) credentials allow users to log into multiple applications and websites with a single identity. A single identity reduce...