supply chain attack
The Targeting of the COVID-19 Vaccine Supply Chain
The world has waited for 10 months for the good news that arrived this week—the first inoculations of the COVID-19 vaccine would be given in the UK within days. Those same 10 ...
Machine Learning Can’t Protect You From Fileless Attacks
The rise of fileless attacks in the past 10 years has stymied even the best antivirus software. Traditional AV is designed to detect known signatures of known malware and prevent it from ...
Predictions 2020: Don’t Forget the Current Threats
With cybercriminals increasing their ambitions, constantly evolving hacking techniques year over year, and with emerging technologies providing more attack surface for hackers, executives and IT leaders must plan for the inevitable. They ...
Avast, NordVPN Breaches Tied to Phantom User Accounts
Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that -- while otherwise unrelated -- shared a common cause: Forgotten or unknown ...
Your Supply Chain May Be a Trojan Horse
No organization exists in vacuum. There is no such thing as a completely self-sustaining company that does not in some way depend on suppliers, partners, and service providers. Businesses use products and ...
Inside the ASUS Supply chain attack
Introduction This week, Kaspersky Lab reported initial details of a new supply chain attack on systems by computer giant ASUS. Dubbed ShadowHammer by Kaspersky, the attack leveraged a malicious version of ASUS ...
Cisco Takes Another Stab at Patching Recent WebEx Vulnerability
Cisco Systems has released a new patch for a remotely exploitable privilege escalation vulnerability after security researchers found that its previous fix was incomplete. The company first patched the vulnerability, known as ...
Hackers Replace MEGA Chrome Extension with Trojanized Version
Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened ...
Dark Market Shop Sells RDP Access to Airport System for $10
Stolen or brute-forced remote desktop protocol (RDP) credentials have played a central role in many data breaches over the years and cybercriminals have made a business out of selling them on the ...
Spy Group Targeted Air-Gapped Systems via Compromised Secure USB Drives
Security researchers have found evidence that a cyberespionage group has somehow compromised secure USB drives used by government agencies in South Korea, which might have allowed them to target air-gapped systems. “Weaponizing ...
