Researchers at Checkmarx say that a cybercriminal group, LofyGang, has targeted the open-source supply chain with hundreds of malicious packages to steal credit card information, stream accounts, and promote hacking tools.
Search Results for "Supply Chain"
Spotlight: How Secrets Sprawl Undermines Software Supply Chain Security
Mackenzie Jackson, the Developer Advocate at GitGuardian joins Paul to discuss how “secrets sprawl” on sites like GitHub threatens software supply chains.
Episode 216: Signed, Sealed and Delivered: The Future of Supply Chain Security
In this episode of the podcast
(#216) we talk with Brian Trzupek, Digicert’s Vice President of Product, about the growing urgency of securing software supply chains, and how digital code signing can help prevent compromises like the recent hack of the firm SolarWinds.
What SolarWinds Tells Us About Securing the Software Development Supply Chain
The recent SolarWinds attack highlights an Achilles heel for enterprises: software updates for critical enterprise applications. Digital signing of code is one solution, but organizations need to modernize their code signing processes to prioritize security and integrity and align with DevOps best practices, writes Brian Trzupek the Senior Vice President of Products at DigiCert in this thought leadership article.
Episode 208: Getting Serious about Hardware Supply Chains with Goldman Sachs’ Michael Mattioli
In this week’s Security Ledger Podcast, sponsored by Trusted Computing Group, we’re talking about securing the hardware supply chain. We’re joined by Michael Mattioli, a Vice President at Goldman Sachs who heads up that organization’s hardware supply chain security program.
