4/27/23: RSA Edition!
If you're in the security industry, RSA has been on your social feed all week long. Here are some security highlights in case you've been wrapped up at the conference!
Software supply chain security is an everyone problem
As software supply chain attacks continue, the federal government’s long-term priority is shifting the liability away from end users and putting the responsibility on manufacturers. However, securing your software supply chain "isn’t something you can just purchase software for and tack it on after."
New SLP vulnerability could enable massive DDoS attacks
Security researchers have discovered a high-severity vulnerability in the Service Location Protocol (SLP) that could be exploited to launch some of the largest DDoS amplification attacks ever seen.
Can ChatGPT help secure the software supply chain?!
Experts say evolving AI tools such as ChatGPT and other large language models can benefit software supply chain security — from vulnerability detection and management to vulnerability patching and real-time intelligence gathering.
Supply-chain attacks paved with ignorance, human error & shadow IT
There has been a 742% average annual increase in software supply chain attacks. Gartner predicts that by 2025, 45% of organizations will have experienced such an attack.
CISA calls to reduce email threats with CDR prototype
The Cybersecurity and Infrastructure Security Agency (CISA) wants to improve email security through a new approach for scoring and reducing malicious files. The prototype tests showed a more than 90% reduction in risk content, so CISA's goal now is to apply the methodology at scale for email and web services.