Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP).
The post Finite State Raises $20 Million to Grow Software Supply Chain Security Business appeared first on SecurityWeek.
Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024
Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues
The post Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 appeared first on SecurityWeek.
Cyber Insights 2024: Supply Chain
Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.
The post Cyber Insights 2024: Supply Chain appeared first on SecurityWeek.
AnyDesk Revokes Passwords, Certificates in Response to Hack
AnyDesk is revoking certificates and passwords in response to a recently discovered security breach impacting production systems.
The post AnyDesk Revokes Passwords, Certificates in Response to Hack appeared first on SecurityWeek.
Software Supply Chain Security Startup Kusari Raises $8 Million
Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain.
The post Software Supply Chain Security Startup Kusari Raises $8 Million appeared first on SecurityWeek.
New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise
Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners.
The post New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise appeared first on SecurityWeek.
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack
Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
The post Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack appeared first on SecurityWeek.
Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies
US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.
The post Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies appeared first on SecurityWeek.
North Korean Software Supply Chain Attack Hits North America, Asia
North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.
The post North Korean Software Supply Chain Attack Hits North America, Asia appeared first on SecurityWeek.
Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
The post Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets appeared first on SecurityWeek.