Third-Party Security Archives - Page 2 of 4

Drupal patches Critical third-party library vulnerability (CVE-2020-36193)

Application Security, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / January 23, 2021 / Archive_Tar, CVE-2020-36193, Drupal, GitHub, third party

Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.

DHS issues new emergency guidance on SolarWinds Orion Code compromise

Cybersecurity Articles, Cybersecurity Attacks, Data Breach, Security Updates & Patches, Third-Party Security / By Frank Crast / December 30, 2020 / CISA, CVE-2020-10148, DHS, malware, SolarWinds, Sunburst, Supernova, Zero-day

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.

Hackers target Vietnam in supply chain cyberattack

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / December 29, 2020 / certificate, Cyberattack, ESET, Government, Operation SignSight, PhantomNet, Supply Chain, third party, vendor, Vietnam

Cybersecurity experts discovered a new supply chain attack against a certification authority organization in Vietnam.

DHS warns businesses of risks using Chinese tech and data services

Cybersecurity Articles, Data Breach, Data Privacy, Insider Threats, Regulations & Laws, Security Monitoring, Third-Party Security / By Frank Crast / December 24, 2020 / Data Security, DHS, DOJ, EO 13913, EO 13942, EO 13943, Executive Order, Harvard, Huawei, NIST, PLA, PRC, USTR, WTO, ZTE

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).

Cybersecurity experts reveal growing list of SolarWinds 2nd stage attack victims

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / December 22, 2020 / Cisco, Deloitte, DNS, malware, Solarigate, SolarWinds, Sunburst, Truesec

Cybersecurity experts have revealed a growing list of SolarWinds 2nd stage attack victims based on malware analysis.

Solorigate malware behind the SolarWinds attack

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / December 22, 2020 / DLL, Solarigate, SolarWinds, Supply Chain

Microsoft shared new insights into the Solarigate malware, the compromised DLL file behind the SolarWinds software supply chain attacks.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Cloud Security, Configuration Management, Cybersecurity Attacks, Data Breach, Malware, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / December 19, 2020 / APT, CISA, Cisco, Emergency Directive, Equifax, FireEye, Microsoft, NNSA, NSA, Nuclear, SolarWinds, Sunburst, Supply Chain, Symantec, Teardrop, UNC2452

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.

Third-Party Security