All posts tagged "supply chain attack"
-
341VulnerabilitiesHow Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for...
-
2.4KVulnerabilitiesHands-on Review: Myrror Security Code-Aware and Attack-Aware SCA
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors....
-
233MalwareUkrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack
The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being...
-
3.6KMalwareDeveloper Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat....
-
3.7KData BreachMSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company’s private code signing keys...
-
2.1KMalwareNorth Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack
Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork...
-
2.1KMalwareCryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies....
-
2.6KMalwareResearchers Uncover Obfuscated Malicious Code in PyPI Python Packages
Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including...
-
3.5KMalwareResearchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed...
-
1.8KMalwareW4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware...
-
3.0KVulnerabilitiesSerious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability
A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to...
-
4.6KVulnerabilitiesResearchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper...
-
2.1KCyber AttackAPT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network
The Russia-linked APT29 nation-state actor has been found leveraging a “lesser-known” Windows feature called Credential Roaming as part of its attack against...
-
3.0KVulnerabilitiesGoogle Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a...
-
4.4KMalwareGitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers...
-
2.7KData BreachHow Secrets Lurking in Source Code Lead to Major Breaches
If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: “supply chain attack”. A software...
-
736MalwareChinese Hackers Target Taiwan’s Financial Trading Sector with Supply Chain Attack
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain...
-
4.6KMalwareHackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites...
-
1.1KMalwareREvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom
Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about...
-
3.8KVulnerabilitiesNewly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and...
-
785Cyber AttackRapid7 Source Code Breached in Codecov Supply-Chain Attack
Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code...
