Business Operations | News, how-tos, features, reviews, and videos
Marriott revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.
CISA’s massive rulemaking will create the first US cyber incident and ransomware payment reporting mechanism that promises to radically overhaul the workloads of most cybersecurity professionals.
Caught before it could do widespread damage, the sophisticated vulnerability could have been one of the highest-impact software supply chain breaches to date.
The incident shows the snowball effect a single malicious package can have on the open-source development ecosystem.
The US National Institute of Standards and Technology released the 2.0 version of its Cybersecurity Framework, focusing more on governance and supply chain issues and offering resources to speed the framework’s implementation.
The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting misconfigurations in GitHub Actions.
For the first time, attackers are exploiting a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.
Almost two-thirds of automotive industry leaders believe their supply chain is vulnerable to cyberattacks, with many behind the curve on upcoming international regulation.
This newly discovered "dual use" campaign enables software supply chain compromise as well as phishing.
Threat actors are concealing campaigns to evade detection and establish stronger footholds in compromised systems.