This technical paper analyses the growing cybersecurity risks associated with modern software supply chains, where development increasingly relies on third-party components, tools, and open-source dependencies. It examines the software development lifecycle, identifies key vulnerabilities introduced by complex dependency chains, and highlights the implications of upstream compromises. The paper provides recommendations aligned with relevant frameworks and best practices to reduce risk exposure, strengthen secure development processes, and enhance the resilience of the software ecosystem.
Threat Intelligence
Access a wealth of resources including articles, whitepapers, tools, and guides to support your learning.
- Threat Intelligence
CTI: A Formidable Weapon in Cyberwarfare
- Author: Bitsight
As CISOs transform their position in the enterprise from technical managers to business risk leaders, they need better visibility and data about cyber risks in order to credibly advise the business. As digital footprints keep expanding and cybersecurity threats keep snowballing, prioritize action around the biggest risks to the business.
Download this guide to get details on why leading CISOs credit exposure management as one of the top tools and practices that will help them drive better prioritization of action, better transparency to the board and CEOs, and better accountability from their direct reports.
- Threat Intelligence
ENISA Threat Landscape 2024: Key Cybersecurity Insights and Trends
- Author: European Network and Information Security Agency (ENISA)
The ENISA Threat Landscape 2024 report is the 12th edition of the annual review by the European Union Agency for Cybersecurity (ENISA), covering significant cybersecurity incidents and developments from June 2023 to July 2024. This comprehensive report identifies and analyzes the top cybersecurity threats, including ransomware, malware, and social engineering, along with their impact and prevalence. It also discusses trends such as threats against data, DDoS attacks, and information manipulation. Key trends observed include the use of cloud services for stealth operations and the influence of geopolitical factors on cyber activities. The report provides detailed insights into the evolving threat vectors and offers recommendations for enhancing cybersecurity measures, serving as a crucial resource for stakeholders across various sectors.
- Emerging Technologies, Threat Intelligence
Integrated Security Strategies for Modern Critical Infrastructures: A Cyber-Physical Systems Approach
- Author: John Soldatos (ed.), James Philpot (ed.), Gabriele Giunta (ed.)
This guidebook explores the integrated security challenges and solutions for modern critical infrastructures, which are increasingly interconnected as large-scale cyber-physical systems. It presents advanced, unified security techniques encompassing both cyber and physical elements, utilizing cutting-edge technologies such as machine learning, IoT security, and distributed ledger infrastructures. The book details how traditional security technologies like SIEM and pen-testing are adapted for comprehensive protection across key sectors including finance, healthcare, energy, and communications. With in-depth case studies and sector-specific analyses, it provides valuable insights for stakeholders planning robust security strategies in the context of Industry 4.0, highlighting the critical interplay between cyber and physical security componen