The SolarWinds hack seems to be breathing new life into the supply chain security effort.

The #SolarWinds hack seems to be breathing new life into the supply chain #security effort | #TpromoCom #CyberSecurity | The General Services Administration could soon start requiring on-site assessments of certain federal contractors under a new program to scrutinize risks to the supply chain https://bit.ly/39oAaiL

Tucked into the draft of a new governmentwide acquisition vehicle for information technology services called Polaris is language describing a tool to “identify, assess and monitor supply chain risks of critical vendors.” It would use classified and unclassified sources.

GSA said once the tool it’s developing—referred to as the Vendor Risk Assessment Program—is complete, “the contractor agrees

Follow us on Social Media or email us:

Integrators: Beware More Supply Chain Cyber Attacks

Integrators: Beware More Supply Chain Cyber Attacks | #TpromoCom #SolarWinds #Hacker #Hackers #CyberSecurity | The SolarWinds hack is an example of a supply chain attack that integrators and AV software companies need to defend against.

The recent news of a large-scale attack on the part of a foreign government utilizing popular network monitoring tools should have integrators questioning the security of the remote monitoring tools they use.

U.S. government officials, cybersecurity experts and tech giants are working around the clock to uncover more evidence and possibly other supply chain attack vectors after IT software company SolarWinds disclosed that versions of its popular Orion product was compromised by foreign cyber actors.

Read the remainder of this Commercial Integrator news story here: 

How suspected Russian hackers outed their massive cyberattack

How suspected Russian hackers outed their massive cyberattack | #TpromoCom #Hacker #Hackers #CyberSecurity #Government | A cybersecurity firm says a suspicious log-in prompted it to investigate what turned out to be a gaping security hole for the U.S. government and many large companies (politico.com) 

Foreign hackers who pulled off a stealthy breach of at least a dozen federal agencies got caught after successfully logging in to a top cybersecurity firm’s network, tipping the company off to a broader hacking campaign targeting the U.S. government, according to officials from the firm and congressional aides briefed on the issue.

The suspicious log-in prompted the firm, FireEye, to begin investigating what it ultimately determined to be a highly damaging vulnerability in software used across the government and by many Fortune 500 companies.

Read more?