Business Operations | News, how-tos, features, reviews, and videos
The US National Institute of Standards and Technology released version 2.0 of its Cybersecurity Framework, putting more emphasis on governance and supply chain risk and offering resources to speed the framework's implementation.
The proof of concept shows that it is possible to upload malicious PyTorch releases to GitHub by exploiting insecure configurations in the project's GitHub Actions workflows.
As the DOD's Cybersecurity Maturity Model Certification rules for suppliers inch closer to the finish line, some vendors see more realistic expectations for compliance.
For the first time, attackers are exploiting a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.
Almost two-thirds of automotive industry leaders believe their supply chain is vulnerable to cyberattacks, with many behind the curve on upcoming international regulation.
This newly discovered "dual use" campaign enables both software supply chain compromise and phishing.
Threat actors are concealing campaigns to evade detection and establish stronger footholds in compromised systems.
The malicious packages have been downloaded hundreds of times, but the long-term impact is unknown.
The attack that injected malicious code into the company's software appears to have been enabled by another compromised application.
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.