software supply chain attack
The Cybersecurity Industry Starts Picking Through Malicious XZ Utils Code
The open source community, federal agencies and cybersecurity researchers are busy trying to get their hands around the security near-miss of the backdoor found in versions of the popular XZ Utils data ...
Security Boulevard
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Complex Supply Chain Attack Targets GitHub Developers
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members ...
Security Boulevard
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Malicious Packages in npm, PyPI Highlight Supply Chain Threat
Jeffrey Burt | cyberattacks, npm security, PyPI, PyPI malicious packages, software supply chain attack, supply chain
Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks ...
Security Boulevard
Attackers Finding Novel Ways to Abuse GitHub: ReversingLabs
Threat actors are finding new ways to take advantage of GitHub in hopes of tricking developers into putting malicious code into their software and shipping it to users downstream, according to researchers with ...
Security Boulevard
UK, South Korea Warn of North Korea Supply-Chain Attacks
The cybersecurity agencies in the UK and South Korea are warning of the growing threat of North Korea-linked threat groups using zero-day and third-party exploits to launch software supply-chain attacks. The hackers ...
Security Boulevard
Supply Chain Attacks and Cyberinsurance
The rise in sophisticated supply chain cyberattacks doesn’t just affect enterprises; there are also impacts on the insurance industry and on enterprises’ cyberinsurance costs. What is a software supply chain attack? Software ...
Security Boulevard
Russia’s Nobelium Supply Chain Attacks Force U.S. Government’s Hand
Threats from the U.S. government apparently weren’t enough to keep Nobelium, the group behind the SolarWinds campaign, away from the vulnerable global IT supply chain—Microsoft said the threat actors, affiliated with Russian ...
Security Boulevard
Accellion Data Breach Highlights Third-Party Risk
Two mega-breaches caused by third parties earlier this year, following the SolarWinds supply chain hack, created a growing tsunami of third-party risk for enterprises and government organizations. Security software provider Accellion also ...
Security Boulevard