Browsing tag

Supply chain

The Unknown Risks of The Software Supply Chain: A Deep-Dive

In a world where more and more organizations are adopting open-source components as foundational blocks in their applications’ infrastructure, it’s difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time and thereby shortens the time to deliver our applications. But, as […]

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. “The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware […]

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. “The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed,” software supply chain […]

Understanding Software Supply Chain and How to Secure It

Some organizations and developers use third-party resources rather than writing software from scratch. Engineers may speed up development and save manufacturing costs by adopting pre-built libraries and open source components, allowing them to bring products to market faster. As a result, businesses need to account for software occurring outside of their walls and networks in […]

Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. “We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action,” […]

S&P Cautioned The US, Huawei Ban Bad For US Firms

In the ongoing trade war between the United States and China, embattled electronics firm Huawei found an ally in none other than Standard & Poor’s (S&P), a credit rating agency. S&P cautioned the United States about its strong anti-Huawei stance, as it will likely have bad effects on the profitability of electronic component suppliers where […]