3/30/23: 3CX & OSS Updates
What in the world is going on in software supply chain security this week?
Ongoing software supply chain attack on 3CXDesktopApp
Perhaps one of the first supply-chain attacks to ship specialized, signed malicious binaries per platform (macOS and Windows). Its potential reach is large, with an alleged user count in the millions. So far, Lazarus (North Korea) is being blamed for the attack. Read SentinelOne's executive summary.
CISA director says cutting agency’s budget would return it to ‘pre-SolarWinds world’
Defending the Cybersecurity and Infrastructure Security Agency's request to increase its budget by 5% over the last year, director Jen Easterly warned that if the agency's budget falls below $2.6 billion or it needs to cut back on its regional partnerships, it would "put us back in a pre-SolarWinds world where we'll lose that visibility that we've developed and that's harmful to our security as a nation." Read more on CyberScoop.
Ransomware gangs are here to stay?
67% of The Cybersecurity 202 Network experts predict that ransomware threats will take off this year, 23% predict they will stay the same, and 10% predict they will decrease. Read more on the Washington Post.
Chainguard contributes Rekor Search Project to sigstore!
We are excited to donate the Rekor Search UI project to Sigstore as a part of our continued commitment to open source. This project was built and open-sourced by Chainguard in March 2022 and allows users to conveniently search entries in the public Rekor transparency log through their web browser rather than having to search the log via command line.
Everything you need to know about open-source software security
Open source software comprises 90% of all the software we depend on, so securing and investing in open source is key to making the software supply chain secure by default. Tracy Miranda provided a Spring 2023 update on all the awesomeness that is happening in the OSS security community here.