Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat with Matt Rose.
Read More about App sec and the supply chain: Work in tandem with engineers to achieve true software security
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: When AI attacks, ChatGPT lowers the bar for developing malware
...
Read More about ReversingLabs Elastic Threat Infrastructure Update: Integration, Automation for SOC Teams
The JsonWebToken library has a flaw that could have lead to remote code execution (RCE).
Read More about If you don't love me now: JsonWebToken could break the software supply chain (again)
Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.
Read More about Danger: Researchers exploit gaps in connected vehicle software supply chain
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
Read More about After hack, CircleCI tells devs to update secrets now
The collaboration between SOCs and software development teams is essential to taking on the challenge of software supply chain attacks. Here's why.
Read More about Shift the SOC left: Why you should integrate DevOps with SecOps
As attacks become more sophisticated, it is imperative to harden machine learning (ML) models and reduce the adversary’s ability to evade detection.
Read More about How to harden machine learning models against adversarial attacks
Welcome to 2023’s first edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Ransomware attacks close out 2022 with a bang, PyTorch compromise explored.webp&w=3840&q=75)
A classic dependency confusion attack revealed itself last week.
Read More about PyTorch supply chain attack: Dependency confusion burns DevOps
Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable software supply chain attacks.
Read More about 10 software supply chain attacks you can learn from
Welcome to the latest edition of The Week in Security, which brings you the latest headlines across the full stack of security: application security; cybersecurity; and beyond.
Read More about The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK
...
Read More about DraftKings fantasy? How YOU can prevent credential stuffing attacks
A malicious Python file found on the PyPI repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
Read More about SentinelSneak: Malicious PyPI module poses as security software development kit
Experts and a top analyst discussed the state of software supply chain security in a recent Webinar. Here are key takeaways from their discussion.
Read More about Expert panel: No ‘silver bullet’ for supply chain security