supply chain security – Page 9 – Experimental News Clipping Site

Schneier on Security: Delivering Malware Through Abandoned Amazon S3 Buckets

Feb 12, 2025

—

by

Source URL: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html Source: Schneier on Security Title: Delivering Malware Through Abandoned Amazon S3 Buckets Feedly Summary: Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize…

Anchore: DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries

Feb 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/dora-overview/ Source: Anchore Title: DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries Feedly Summary: At Anchore, we frequently discuss the steady drum beat of regulatory bodies mandating SBOMs (Software Bills of Materials) as the central element of modern software supply chain security. The Digital Operational Resilience Act (DORA) is…

Hacker News: iPhone apps found on App Store with malware that reads your screenshots for data

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://9to5mac.com/2025/02/05/iphone-apps-on-app-store-malware-reads-screenshots/ Source: Hacker News Title: iPhone apps found on App Store with malware that reads your screenshots for data Feedly Summary: Comments AI Summary and Description: Yes Summary: Researchers at Kaspersky have discovered a novel malware, termed ‘SparkCat’, embedded in iOS and Android apps, utilizing screenshot-reading OCR technology to search for sensitive recovery…

Anchore: How Syft Scans Software to Generate SBOMs

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/how-syft-scans-software-to-generate-sboms/ Source: Anchore Title: How Syft Scans Software to Generate SBOMs Feedly Summary: Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for various use-cases: from vulnerability scanning with tools…

Anchore: SBOMs 101: A Free, Open Source eBook for the DevSecOps Community

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/sboms-101-a-free-open-source-ebook-for-the-devsecops-community/ Source: Anchore Title: SBOMs 101: A Free, Open Source eBook for the DevSecOps Community Feedly Summary: Today, we’re excited to announce the launch of “Software Bill of Materials 101: A Guide for Developers, Security Engineers, and the DevSecOps Community”. This eBook is free and open source resource that provides a comprehensive introduction…

Anchore: Increase Supply Chain Transparency & Security with Harbor and Anchore

Feb 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/webinars/increase-supply-chain-transparency-security-with-harbor-and-anchore/ Source: Anchore Title: Increase Supply Chain Transparency & Security with Harbor and Anchore Feedly Summary: The post Increase Supply Chain Transparency & Security with Harbor and Anchore appeared first on Anchore. AI Summary and Description: Yes Summary: The text discusses a live webinar focused on enhancing supply chain security and compliance for…

Anchore: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security

Jan 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/2025-cybersecurity-executive-order/ Source: Anchore Title: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security Feedly Summary: A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from…

Cloud Blog: How we’re making GKE more transparent with supply-chain attestation and SLSA

Jan 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/identity-security/how-were-making-gke-more-secure-with-supply-chain-attestation-and-slsa/ Source: Cloud Blog Title: How we’re making GKE more transparent with supply-chain attestation and SLSA Feedly Summary: What goes into your Kubernetes software? Understanding the origin of the software components you deploy is crucial for mitigating risks and ensuring the trustworthiness of your applications. To do this, you need to know your…

The Register: Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Jan 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/17/biden_cybersecurity_eo/ Source: The Register Title: Biden signs sweeping cybersecurity order, just in time for Trump to gut it Feedly Summary: Ransomware, AI, secure software, digital IDs – there’s something for everyone in the presidential directive Analysis Joe Biden, in the final days of his US presidency, issued another cybersecurity order that is nearly…

Docker: Protecting the Software Supply Chain: The Art of Continuous Improvement

Jan 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/software-supply-chain-art-of-continuous-improvement/ Source: Docker Title: Protecting the Software Supply Chain: The Art of Continuous Improvement Feedly Summary: Discover how Docker’s tools enhance software supply chain security, empowering teams to innovate securely at every stage of development. AI Summary and Description: Yes Summary: The text emphasizes the critical need for continuous improvement in software security,…

Tag: supply chain security