Tag: supply-chain
-
Researchers Warn of Widespread Polyfill Supply Chain Attack
in SecurityNews
First seen on duo.com
Jump to article: duo.com/decipher/researchers-warn-of-widespread-polyfill-supply-chain-attack
-
Trojanized jQuery Packages Spread via ‘Complex’ Supply Chain Attack
in SecurityNews
The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typ…
First seen on darkreading.com
Jump to article: www.darkreading.com/cyberattacks-data-breaches/trojanized-jquery-packages-complex-supply-chain-attack
-
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
in SecurityNews
The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censy…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html
-
Ongoing NuGet supply chain attack involves dozens new malicious packages
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/brief/ongoing-nuget-supply-chain-attack-involves-dozens-new-malicious-packages
-
Supply chain attack spreads trojanized jQuery packages
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/brief/supply-chain-attack-spreads-trojanized-jquery-packages
-
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
in SecurityNews
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to st…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
-
Eclypsium and Everfox Partner to Deliver Enhanced Security for the Technology Supply Chain of the U.S. Government
in SecurityNews
Portland, OR July 11, 2024 Eclypsium, the leader in digital supply chain security for enterprise hardware, firmware and software infrastructure, today…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/eclypsium-and-everfox-partner-to-deliver-enhanced-security-for-the-technology-supply-chain-of-the-u-s-government/
-
97 FTSE 100 firms exposed to supply chain breaches
in SecurityNews
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at…
First seen on computerweekly.com
Jump to article: www.computerweekly.com/news/366587593/97-FTSE-100-firms-exposed-to-supply-chain-breaches
-
Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk
in SecurityNews
Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HT…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/polyfill-io-supply-chain-attack-malicious-javascript-injection-puts-over-100k-websites-at-risk/
-
Apple CocoaPods Bugs Expose Millions of Apps to Code Injection
in SecurityNews
Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of dec…
First seen on darkreading.com
Jump to article: www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
-
Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack
in SecurityNews
First seen on techrepublic.com
Jump to article: www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/
-
Practical Guidance For Securing Your Software Supply Chain
in SecurityNews
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their softw…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/06/practical-guidance-for-securing-your.html
-
Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
in SecurityNews
Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over …
First seen on securityaffairs.com
Jump to article: securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html
-
Almost Every Apple Device Vulnerable To CocoaPods Supply Chain Attack
in SecurityNews
First seen on packetstormsecurity.com
Jump to article: packetstormsecurity.com/news/view/36053/Almost-Every-Apple-Device-Vulnerable-To-CocoaPods-Supply-Chain-Attack.html
-
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
in SecurityNews
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/06/over-110000-websites-affected-by.html
-
Cybersecurity in the Supply Chain: How to Protect Your Software Chain
in SecurityNews
Software supply chains are under pressure: a vulnerability along the supply chain can lead to a large number of victims. Here is how compan…
First seen on csoonline.com
Jump to article: www.csoonline.com/de/a/wie-sie-ihre-software-supply-chain-schuetzen
-
Over 380,000+ Hosts Embedding Polyfill JS script Linking to Malicious Domain
in SecurityNews
Over 380,000 web hosts have been found embedding a compromised Polyfill.io JavaScript script, linking to a malicious domain. This supply chain attack …
First seen on gbhackers.com
Jump to article: gbhackers.com/hosts-embedding-polyfill-js/
-
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
in SecurityNews
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/polyfill-supply-chain-richixb/
-
How AI could bolster software supply chain security
in SecurityNews
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys’ Tim Mackey believes AI could help cre…
First seen on techtarget.com
Jump to article: www.techtarget.com/searchsecurity/news/366586557/How-AI-could-bolster-software-supply-chain-security
-
CocoaPods: Vulnerable to Supply Chain Attacks in Countless Mac and iOS Apps
in SecurityNews
The open-source dependency manager is found in millions of Swift and Objective-C programs. Apparently, for almost a decade, the …
First seen on heise.de
Jump to article: www.heise.de/news/CocoaPods-Anfaellig-fuer-Supply-Chain-Angriffe-in-zahllosen-Mac-und-iOS-Apps-9786099.html
-
Supply chain attack against iOS, macOS apps likely with severe CocoaPods bugs
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/brief/supply-chain-attack-against-ios-macos-apps-likely-with-severe-cocoapods-bugs
-
Securing Supply Chains After Baltimore
in SecurityNews
In March, a container ship leaving the Helen Delich Bentley Port of Baltimore struck a support piling holding up the Francis Scott Key Bridge, knockin…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/securing-supply-chains-after-baltimore/
-
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368
in SecurityNews
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or s…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/cve-of-the-month-the-supply-chain-attack-hidden-for-10-years-cve-2024-38368/
-
384,000 sites link to code library caught performing supply-chain attack
in SecurityNews
First seen on arstechnica.com
Jump to article: arstechnica.com/
-
New body IMCSO to elevate standards and streamline provisioning of cybersecurity services in Maritime
in SecurityNews
The maritime industry is vitally important to the global supply chain for multiple reasons, from food, medicine and consumer goods to fuel and other i…
First seen on itsecurityguru.org
Jump to article: www.itsecurityguru.org/2024/06/21/new-body-imcso-to-elevate-standards-and-streamline-provisioning-of-cybersecurity-services-in-maritime
-
‘Perfect 10’ Apple Supply Chain Bug, Millions of Apps at Risk of CocoaPods RCE
in SecurityNews
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/
-
Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites
in SecurityNews
The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought i…
First seen on darkreading.com
Jump to article: www.darkreading.com/remote-workforce/polyfillio-supply-chain-attack-smacks-down-100k-websites
-
Building Resilience in the Chip Supply Chain
in SecurityNews
To bolster digital security and resilience across the semiconductor supply chain, a critical first step is that organizations across the supply chain …
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/building-resilience-in-the-chip-supply-chain/
-
WordPress Supply Chain Attack Spreads Across Multiple Plug-ins
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/cloud-security/wordpress-supply-chain-attack-multiple-plug-ins
-
More than 100K sites impacted by Polyfill supply chain attack
in SecurityNews
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/07/more-than-100k-sites-impacted-by-polyfill-supply-chain-attack/