Cybersecurity in 2022: supply chain attacks and the professionalization of cybercrime

The Paris public prosecutor's office opened 600 investigations in 2022, ten times more than three years earlier. Ransomware attacks account for more than half of malicious campaigns, remaining the weapon of choice for cybercriminals. Yet other targets and attack vectors have evolved and become more prevalent over the months. […]


Research reveals where 95% of open source vulnerabilities lie

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. Open source vulnerabilities: As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies – open-source code packages that […]


The supply chain, cybersecurity's weak link?

To try to penetrate a computer network, hackers always target the weakest link. And the digitalization of the supply chain has made it a prime target in recent years. The phenomenon appears to have intensified during the pandemic, as various studies show: BlueVoyant estimates that 97% of companies […]


How to assess and mitigate complex supply chain risks

As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well as third-party service providers, software supply chain risk has become a major concern of organizations. In this Help Net Security video, Andy Zollo, Regional VP of EMEA at Imperva, […]


Consumer behaviors are the root of open source risk

Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found that 96% of open source Java downloads with known vulnerabilities could have been avoided because a better version was available, but was ignored. According to the report, this […]
