Understanding the Risk of Supply Chain Attacks and Open-Source Libraries… And What to Do About It

Webinar Registration

Attacks that started upstream are major news today. The REvil ransomware attack leveraging Kaseya, the Hafnium attack via Internet-facing Exchange servers, and the now-infamous SolarWinds attack earlier this year are all warnings that threat actors are shifting to the supply chain so that a single attack provides access to hundreds or even tens of thousands of networks.

As cybercriminals look for opportunities to get into the “supply chain game”, they have turned to open-source libraries as a target. The use of open-source software (OSS) is mainstream today and has led to faster development and innovation, but it has also increased the risk of vulnerabilities. Since development is focused on a library’s functionality, testing whether it is secure isn’t front of mind.

This puts the security of your organization’s supply chain in question. With most cyber insurance policies and even the White House’s latest Executive Order requiring a secure supply chain, the need to ensure your organization’s supply chain is secure falls on internal IT.

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:

  • The state of supply chain attacks
  • The prevalence of open-source software today
  • Mapping supply chain attacks to the MITRE ATT&CK Framework

Nick will then be joined by Sean Wright, Principal Application Security Engineer for Immersive Labs, who will demonstrate the insecurity found in today’s open-source code and perform a live demonstration that includes:

  • Injecting a payload into an open-source library
  • Using the payload to gain a reverse shell to a downstream system

Sean will then discuss how internal IT teams can use Open Web Application Security Project (OWASP) tools to help determine whether any part of the applications sourced from your supply chain is vulnerable, and how to mitigate detected vulnerabilities with a simple content security policy.

This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!
