SolarWinds was the target of a notorious software supply chain attack in 2019. Other companies and software projects, such as Kaseya, Codecov, Okta, GitHub, FishPig, and Log4j, have also experienced similar attacks. These attacks exploit third-party vendors or suppliers along the development lifecycle to conduct espionage or sabotage. To protect against such threats, experts recommend maintaining updated software asset inventories, securing endpoints, implementing code integrity policies, and preparing an incident response plan.

Cyber defenders need to remember their adversaries are human, says Trellix research head
Nation-state actors and cybercriminals are increasingly overlapping, but they are still human and prone to errors. This vulnerability can be exploited, highlighting the importance of