The so-called software supply chain has been generating a lot of buzz these days. It came fully into the spotlight because of the global intrusion campaign where attackers used the update process of the popular Orion management software from SolarWinds to upload malicious code. Over 18,000 customers were affected, although the attackers only selectively attacked major corporations and government agencies once their backdoor was installed.
SolarWinds was probably the highest-profile supply chain attack in recent history, but there have been many others. The attack led to a reevaluation of who is responsible for security. For example, one of the major responses to the SolarWinds attack was President Biden’s Executive Order on Improving the Nation’s Cybersecurity. Among other things, the order stresses the need for supply chain security. And for the first time, a high-profile government directive specifically mentioned developers’ responsibility to deploy secure software.
More Stories
The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)
In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Appleās AI flubs a...
US and Japan Blame North Korea for $308m Crypto Heist
A joint US-Japan alert attributed North Korean hackers with a May 2024 crypto heist worth $308m from Japan-based company DMM...
Spyware Maker NSO Group Found Liable for Hacking WhatsApp
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse...
Spyware Maker NSO Group Liable for WhatsApp User Hacks
A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group Read More
Major Biometric Data Farming Operation Uncovered
Researchers at iProov have discovered a dark web group compiling identity documents and biometric data to bypass KYC checks Read...
Ransomware Attack Exposes Data of 5.6 Million Ascension Patients
US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a...