Tag: supply-chain
-
The Cybersecurity of Germany's Top 100 Companies – Supply Chain Risks in the Digital Ecosystem
by
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/cybersecurity-report-sicherheitsverletzungen-durch-dritte-2023-a-10968662af0dfc4e66f7f924dcacbf46/
-
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
by
in SecurityNews
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organizati…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html
-
XZ and the Threats to the Digital Supply Chain
by
in SecurityNews
The discovery of the backdoor in xz utils compression software last week has shone a spotlight on the threats to the digital supply chain. Wired has a…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/04/xz-and-the-threats-to-the-digital-supply-chain/
-
Trusted Contributor Plants Sophisticated Backdoor in Critical Open-Source Library
by
in SecurityNews
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft res…
First seen on infosecurity-magazine.com
Jump to article: www.infosecurity-magazine.com/news/backdoor-xz-utils-linux-open-source/
-
New XZ backdoor scanner detects implant in any Linux binary
by
in SecurityNews
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as…
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/
-
The Open-Source Backdoor That Almost Compromised SSH
by
in SecurityNews
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the nece…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/04/the-open-source-backdoor-that-almost-compromised-ssh/
-
Top 5 Vulnerabilities for March 2024: A Closer Look at the XZ Utils Supply Chain Attack
by
in SecurityNews
March may have roared in like a lion, but for cybersecurity professionals, it was more like a backdoor sneaking into a critical utility. This month, w…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/04/top-5-vulnerabilities-for-march-2024-a-closer-look-at-the-xz-utils-supply-chain-attack/
-
GitHub Developers Hit in Complex Supply Chain Cyberattack
by
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/github-developers-hit-in-complex-supply-chain-cyberattack
-
170K+ Python Developers GitHub Accounts Hacked in Supply Chain Attack
by
in SecurityNews
Over 170,000 users have fallen victim to a meticulously orchestrated scheme exploiting the Python software supply chain. The Checkmarx Research team h…
First seen on gbhackers.com
Jump to article: gbhackers.com/170k-user-accounts-hacked/
-
Complex Supply Chain Attack Targets GitHub Developers
by
in SecurityNews
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform,…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/03/complex-supply-chain-attack-targets-github-developers/
-
Developers Hacked In Sophisticated Supply Chain Attack
by
in SecurityNews
First seen on packetstormsecurity.com
Jump to article: packetstormsecurity.com/news/view/35694/Developers-Hacked-In-Sophisticated-Supply-Chain-Attack.html
-
75% of third-party breaches target software, IT supply chains
by
in SecurityNews
First seen on computerweekly.com
Jump to article: www.computerweekly.com/news/366571699/75-of-third-party-breaches-target-software-IT-supply-chains
-
Binarly Attracts $10.5M to Tackle Software Supply Chain Security
by
in SecurityNews
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.
First seen on securityweek.com
Jump to article: www.securityweek.com/binarly-attracts-10-5m-to-tackle-software-supply-chain-security/
-
Top.gg, others targeted by software supply chain attack
by
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/brief/top-gg-others-targeted-by-software-supply-chain-attack
-
Hackers poison source code from largest Discord bot platform
by
in SecurityNews
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that st…
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/hackers-poison-source-code-from-largest-discord-bot-platform/
-
Eclypsium Announces New Global Partnership Program
by
in SecurityNews
Tags: supply-chain
Following record results in FY23, company prioritizes channel momentum. Portland, OR, March 26, 2024. Eclypsium, the digital supply chain security comp…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/03/eclypsium-announces-new-global-partnership-program/
-
Top Python Developers Hacked in Sophisticated Supply Chain Attack
by
in SecurityNews
Multiple Python developers get infected after downloading a malware-packed clone of the popular tool Colorama.
First seen on securityweek.com
Jump to article: www.securityweek.com/top-python-developers-hacked-in-sophisticated-supply-chain-attack/
-
Finite State Raises $20 Million to Grow Software Supply Chain Security Business
by
in SecurityNews
Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP).
First seen on securityweek.com
Jump to article: www.securityweek.com/finite-state-raises-20-million-to-grow-software-supply-chain-security-business/
-
ML Model Repositories: The Next Big Supply Chain Attack Target
by
in SecurityNews
Machine-learning model platforms like Hugging Face are susceptible to the same kind of attacks that threat actors have executed successfully for years…
First seen on darkreading.com
Jump to article: www.darkreading.com/cloud-security/ml-model-repositories-next-big-supply-chain-attack-target
-
Watch Now: Supply Chain & Third-Party Risk Summit 2024
by
in SecurityNews
Join us at the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues.
First seen on securityweek.com
Jump to article: www.securityweek.com/virtual-event-today-supply-chain-third-party-risk-summit-2024/
-
Linux Supply Chain Validation Cheat Sheet
by
in SecurityNews
Linux provides several tools and techniques that allow users to query systems for information about hardware and firmware (This post builds on our pre…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2024/03/linux-supply-chain-validation-cheat-sheet/
-
Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024
by
in SecurityNews
Join us at the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues.
First seen on securityweek.com
Jump to article: www.securityweek.com/virtual-event-today-supply-chain-third-party-risk-summit-2024/
-
Israeli Universities Hit by Supply Chain Cyberattack Campaign
by
in SecurityNews
Iranian hacktivist group known as Lord Nemesis and Nemesis Kitten targeted an academic sector software firm in Israel to gain access to its customers…
First seen on darkreading.com
Jump to article: www.darkreading.com/cyberattacks-data-breaches/israeli-universities-hit-by-supply-chain-cyberattack-campaign
-
Japan Blames North Korea for PyPI Supply Chain Cyberattack
by
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/japan-blames-north-korea-for-pypi-supply-chain-cyberattack
-
Strategies for a Secure Software Supply Chain – How Supply Chain Attacks Work
by
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/so-funktionieren-supply-chain-attacks-a-ae6851a064dcdefd55312926b507f5f1/
-
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
by
in SecurityNews
First seen on darkreading.com
Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-linked-cyber-spies-blend-watering-hole-supply-chain-attacks
-
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
by
in SecurityNews
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since S…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html
-
Southern Company Builds SBOM for Electric Power Substation
by
in SecurityNews
The utility's software bill of materials (SBOM) experiment aims to establish stronger supply chain security and tighter defenses against potential c…
First seen on darkreading.com
Jump to article: www.darkreading.com/ics-ot-security/southern-company-builds-a-power-substation-sbom
-
Critical TeamCity Bugs Endanger Software Supply Chain
by
in SecurityNews
Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow thre…
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/critical-teamcity-bugs-endanger-software-supply-chain
-
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
by
in SecurityNews
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models …
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html