Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.

“Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report shared with The Hacker News.

14 Million Patients Impacted by US Healthcare Data Breaches in 2024

Over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations so far in 2024, according to a new analysis by SonicWall.

Most (91%) of these breaches have leveraged ransomware, with the report highlighting that attackers see the threat of exposing sensitive information held by healthcare organizations as an effective method for extorting ransom payments.

Managing supply chain resilience assessment model-relevant factors and activities using an FCM-FBWM approach

Supply chain resilience is essential for companies to survive in today’s competitive market, as they face environmental and unforeseeable challenges in their supply chain. This paper aims to model and manage the factors and activities that influence supply chain resilience and how they relate to each other. This will help us devise plans for enhancing the resilience of a supply chain. 

Space ISAC Hosts Fifth Annual Value of Space Summit, Co-Hosted by The Aerospace Corporation

Slated for September 24-25, in Colorado Springs, the summit will focus on geopolitical, economic, and cybersecurity impacts on global space. VOSS V will cover the future of space threats, potential solutions, and the innovative ideas that come from collaborative conversations.

VOSS V is expected to have an immediate impact on the global space community as the event convenes a variety of perspectives from across the space enterprise. The summit’s audience includes stakeholders from industry, academia, the nonprofit research and development community, and collaborators from the United States government, its allies, and partners.

Same destination, different roadmaps: the journey to zero trust architecture

While all federal agencies are striving to reach the same place, no two agencies are taking the same path to get there. Hear from cyber leaders at the Cybersecurity and Infrastructure Security Agency, the Interior Department, the Secret Service and Verizon:

  • Louis Eichenbaum, zero trust program manager at Interior
  • Sean Connelly, former director of CISA’s Zero Trust Initiative
  • Roy Luongo, CISO for the Secret Service
  • Wes Withrow, senior client executive for cybersecurity at Verizon

Incident Response Triage Series: Cyber Threat Intelligence Development (IR117)

Monday, October 7, 2024

Time: 11:00 AM EDT – 12:00 PM EDT

Location type: Virtual/Online

Delivery: Live

Format: Webinar

This webinar is intended for those responsible for cybersecurity operations, incident response, and cyber threat intelligence functions within an organization’s IT and cybersecurity teams.

Cyber adversaries are on the move. Their tactics, techniques, and procedures (TTPs) evolve rapidly. The defenses in place today, even when good, may not be good enough tomorrow. This webinar equips individuals with the foundational knowledge necessary to establish or improve upon a CTI capability within organizational cybersecurity operations.

Car rental giant Avis data breach impacts over 299,000 customers

American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information.

According to data breach notification letters sent to impacted customers on Wednesday and filed with California’s Office of the Attorney General, the company took action to stop the unauthorized access, launched an investigation with the help of external cybersecurity experts, and reported the incident to relevant authorities after learning of the breach on August 5.

Federal News Network’s Cyber Leaders Exchange 2024

October 1, 2024 to October 2, 2024

With the recent unveiling of the second version of the National Cybersecurity Strategy Implementation Plan, agencies continue to work on meeting the cyber goals the administration established in March 2023. What’s happening in year two? For our Cyber Leaders Exchange 2024, Federal News Network will delve into how agencies are faring in their efforts to better integrate cybersecurity enterprisewide and across government. 

Join Federal News Network for our third annual cyber exchange Oct. 1 and 2 at 1 p.m. Eastern each day.

  • Day 1: Building national resilience
  • Day 2: Delivering cyber innovation

Dragos reports resurgence of ransomware attacks on industrial sectors, raising likelihood of targeting OT networks

Industrial cybersecurity firm Dragos disclosed that ransomware attacks significantly rose in the second quarter, as hacker groups recalibrated adversarial strategies. These groups demonstrated significant adaptability by rebranding and adopting new tactics, suggesting they will continue refining their operations using sophisticated methods like zero-day vulnerabilities to enhance their attacks. Data also revealed that the quarter saw a significant rise in the frequency and severity of attacks, reflecting the evolving threat landscape and the persistent risk posed by ransomware groups.
