• Software Supply Chain Security Guidance for Developers

    4 days ago - By eSecurity Planet

    Whether it's package hijacking, dependency confusion, typosquatting, continuous integration and continuous delivery compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data.
    It's often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years. Attackers can implant an RCE or harvest developers' credentials to escalate privileges and perform...