22 Nov 2022

US Gov Issues Software Supply Chain Security Guidance for Customers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) have released a report offering joint guidance on how to secure the software supply chain. The guidance was created by a group that is primarily focused on mitigating

24 Oct 2022

Google Unveils Open Source Project to Improve Software Supply Chain Security

Last Thursday Google called for contributors to collaborate on an open source project titled Graph for Understanding Artifact Composition (GUAC). The project is part of Google’s efforts to improve software supply chain security. GUAC is still in the early stages, but Google hopes that the project will change how the

06 Oct 2022

Software supply chains at risk: The account takeover threat

Software supply chain attacks have become increasingly popular amongst all kinds of cybercriminals. Although originally used by cyberespionage threat actors, the attacks have become attractive to cybercriminals who are seeking to compromise hundreds of thousands of computers with a single operation that will spread. The software supply chain attack threat

26 Sep 2022

App Developers Increasingly Targeted via Slack, DevOps Tools

According to new research, developers are facing increasing attacks via tools that they use to produce code and collaborate with other developers, including popular platforms such as Docker, Slack, and Kubernetes. Cybercriminals and threat actors are seeking to access the valuable software that these developers are working on on a

08 Jul 2022

Apple Announces ‘Lockdown Mode’ to Protect Journalists and Human Rights Workers From Spyware

On Wednesday, Apple announced a slew of new iPhone security features it calls “Lockdown Mode”, aimed at protecting journalists and human rights workers from spyware. Lockdown Mode will be available in the fall of this year and offer iPhone users a number of new security features, including blocking message attachment

06 Jul 2022

Software Supply Chain Attack Hits Thousands of Apps

Security researchers at ReversingLabs have reportedly uncovered a new supply chain attack impacting software manufacturing that affects thousands of applications and websites. According to the researchers, the software is impacted due to the use of malicious npm packages and modules dating back at least six months. In addition to its

03 Jun 2022

10 Companies Chosen to Test Next-Generation Cybersecurity Technologies

Ten UK-based cybersecurity companies have been chosen by the government to participate in the latest phase of the Digital Security by Design program. Their participation will consist of experimenting with prototype cybersecurity technology created to strengthen the hardware underlying the computers. The technology was designed by Arm, a semiconductor and

20 Apr 2022

‘CatalanGate’ Spyware Infections Tied to NSO Group

Citizen Lab has uncovered a years-long campaign that is targeting the autonomous region of Spain, Catalonia, with an unknown zero-click exploit in Apple’s iMessage. The exploit was reportedly used by Israel-based NSO Group to plant the Pegasus or Candiru spyware onto iPhones used by journalists, activists, politicians, and other public

29 Mar 2022

Using Russian tech? It’s time to look at the risks again, says cybersecurity chief

Organisations using Russian-linked software or products have been told to take time to consider the risk involved with using those technologies following Russia’s invasion of Ukraine. New guidance from the National Cyber Security Centre (NCSC) – part of GCHQ – says organisations in several key areas in particular should reconsider the

10 Jan 2022

US Issues Warning Over Commercial Spyware

The US government has issued a new warning regarding possible targets of commercial spyware. The entity also provided guidance on how individuals can protect themselves from unwarranted surveillance. In the announcement, the US National Counterintelligence and Security Center (NCSC) stated that governments across the world are using commercial surveillance software
