third party Archives

NIST SP 1800-34: Validating the Integrity of Computing Devices (Preliminary Draft)

Standards & Guidelines / Frank Crast / August 31, 2021 / NIST, Supply Chain, third party

The National Institute of Standards and Technology (NIST) has issued a Preliminary Draft security guidelines SP 1800-34 for Validating the Integrity of Computing Devices.

NIST SP 1800-34: Validating the Integrity of Computing Devices (Preliminary Draft) Read More »

Drupal patches Critical third-party library vulnerability (CVE-2021-32610)

Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / July 23, 2021 / Archive_Tar, CVE-2021-32610, Drupal, Drupal Core, PEAR Archive_Tar, third party

Drupal has patched a Critical third-party library vulnerability that affects multiple versions of Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.

Drupal patches Critical third-party library vulnerability (CVE-2021-32610) Read More »

Drupal patches Critical third-party library vulnerability (CVE-2020-36193)

Application Security, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / January 23, 2021 / Archive_Tar, CVE-2020-36193, Drupal, GitHub, third party

Drupal has patched a Critical third-party library vulnerability (CVE-2020-36193) that affects multiple versions of Drupal Core.

Drupal patches Critical third-party library vulnerability (CVE-2020-36193) Read More »

Hackers target Vietnam in supply chain cyberattack

Cybersecurity Attacks, Malware, Third-Party Security / Frank Crast / December 29, 2020 / certificate, Cyberattack, ESET, Government, Operation SignSight, PhantomNet, Supply Chain, third party, vendor, Vietnam

Cybersecurity experts discovered a new supply chain attack against a certification authority organization in Vietnam.

Hackers target Vietnam in supply chain cyberattack Read More »

Threat actors targeting COVID-19 vaccine cold chain

Cybersecurity Attacks, Phishing, Third-Party Security / Frank Crast / December 8, 2020 / Agent Tesla, CCEOP, cold chain, COVID-19, Gavi, Haier, malware, phishing, third party, X-Force

Security researchers have spotted malicious cyber actors targeting the COVID-19 vaccine cold chain via a global phishing cyber campaign.

Threat actors targeting COVID-19 vaccine cold chain Read More »

GE third party data breach exposes employee personal data

Data Breach, Third-Party Security / Frank Crast / March 27, 2020 / Canon, Data Breach, GE, General Electric, third party

In a breach notification letter posted online, General Electric (GE) said one of their service providers Canon Business Process Services experienced a data breach last month. The breach exposed certain personal data on past and present GE employees, as well as their beneficiaries.

GE third party data breach exposes employee personal data Read More »

NSA: Guidance to mitigate cloud vulnerabilities

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security / Frank Crast / February 10, 2020 / Cloud, CSP, encryption, IAM, Key Management, least privilege, NSA, third party

The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.

NSA: Guidance to mitigate cloud vulnerabilities Read More »

Office 365 third-party risks and configuration guidance

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / May 21, 2019 / CISA, Cloud, O365, Office 365, third party

A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.

Office 365 third-party risks and configuration guidance Read More »

Operation ShadowHammer hijacks ASUS Live Update to install backdoor

Application Security, Cybersecurity Attacks, Third-Party Security / Frank Crast / March 25, 2019 / ASUS, CCleaner, firmware, Kaspersky, ShadowHammer, ShadowPad, third party

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

Operation ShadowHammer hijacks ASUS Live Update to install backdoor Read More »