Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Compliance

ITAR and EAR Export Controls: What Software Teams Need to Know

Export control regulations affect software development more than most teams realize. Here's how ITAR and EAR intersect with software supply chains.

Jul 15, 20236 min read
Supply Chain Attacks

JumpCloud Supply Chain Attack: North Korea's Lazarus Group Strikes Again

How North Korean threat actors compromised JumpCloud's infrastructure to target cryptocurrency firms through a sophisticated supply chain attack in July 2023.

Jul 12, 20235 min read
Emerging Technology

Digital Twins and Supply Chain Security: Securing the Virtual Mirror

Digital twins replicate physical systems in software. When the software supply chain of a digital twin is compromised, the consequences extend to the physical world.

Jul 10, 20235 min read
Industry Guides

Nonprofit Organization Cybersecurity: A Practical Guide

Nonprofits handle donor data and sensitive beneficiary information with limited budgets. Here's a realistic guide to managing software security on nonprofit resources.

Jul 8, 20236 min read
Ransomware

Clop Ransomware and the MOVEit Campaign: Mass Exploitation at Scale

Clop's exploitation of MOVEit Transfer compromised over 2,500 organizations in one campaign, demonstrating a shift from traditional ransomware to mass vulnerability exploitation.

Jul 5, 20237 min read
Software Supply Chain Security

NuGet Package Tampering Detection: Securing the .NET Supply Chain

NuGet packages can be tampered with at multiple points in the supply chain. Here is how to detect and prevent package tampering in your .NET projects.

Jul 5, 20235 min read
Software Supply Chain Security

Starjacking Attacks on Package Registries: Exploiting Repository Trust

Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.

Jul 5, 20235 min read
Supply Chain Security

Domain Squatting and Package Registry Attacks

Typosquatting and domain squatting in package registries trick developers into installing malicious packages. The attack is trivially easy to execute and remarkably effective.

Jul 5, 20236 min read
Security Architecture

Microsegmentation for Software Supply Chain Security

Microsegmentation limits lateral movement after a breach. Applied to software supply chains, it contains the blast radius when a dependency, build tool, or vendor is compromised.

Jun 25, 20235 min read
Emerging Technology

Quantum Computing and the Coming Cryptography Crisis in Supply Chains

Quantum computers threaten the cryptographic foundations of software supply chains. The time to prepare is now, not when quantum advantage arrives.

Jun 20, 20235 min read
Vulnerability Analysis

Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout

While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.

Jun 20, 20236 min read
Infrastructure Security

DNS Security and Software Distribution: The Foundation Nobody Secures

Every software download, package install, and API call starts with a DNS query. DNS compromise redirects your supply chain at the most fundamental level — and most organizations have no visibility.

Jun 15, 20235 min read
supply-chain (Page 52) — Safeguard Blog