Tag: supply-chain
-
Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs
by
in SecurityNewsA Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/operation-digital-eye-attack-targets-european-it-orgs
-
Moody’s: Hackers Aim for Big Payouts, Supply Chain Attacks
by
in SecurityNewsBig Game Hunting Will Intensify in 2025, Says Credit Rating Agency. Improved cybersecurity will result in ransomware hackers targeting larger organizations to wring out high dollar extortion payments and intensified focus on supply chain attacks, predicts Moody’s Ratings. The share of ransomware victims willing to meet criminal demands for money is at record lows. First…
-
Supply chain attack compromises Ultralytics AI model
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-ultralytics-ai-model
-
Update your OpenWrt router! Security issue made supply chain attack possible
by
in SecurityNewsA security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
-
35 more Semgrep rules: infrastructure, supply chain, and Ruby
by
in SecurityNewsBy Matt Schwager and Travis Peters We are publishing another set of custom Semgrep rules, bringing our total number of public rules to 115. This blog post will briefly cover the new rules, then explore two Semgrep features in depth: regex mode (especially how it compares against generic mode), and HCL language support for technologies……
-
OpenWrt orders router firmware updates after supply chain attack scare
by
in SecurityNewsA couple of bugs lead to a potentially bad time First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/
-
Ultralytics AI Library with 60M Downloads Compromised for Cryptomining
by
in SecurityNewsAnother day, another supply chain attack! First seen on hackread.com Jump to article: hackread.com/ultralytics-ai-library-compromised-for-cryptomining/
-
Ultralytics YOLO AI model compromised in supply chain attack
by
in SecurityNewsWhile Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports emerged that they contained a cryptominer. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366616877/Ultralytics-YOLO-AI-model-compromised-in-supply-chain-attack
-
Ultralytics YOLO AI model compromised in supply chain attack
by
in SecurityNewsWhile Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports emerged that they contained a cryptominer. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366616877/Ultralytics-YOLO-AI-model-compromised-in-supply-chain-attack
-
Blue Yonder investigating data theft claims after ransomware gang takes credit for cyberattack
by
in SecurityNewsSupply chain software giant Blue Yonder says it is investigating claims of data theft after a ransomware gang threatened to publish troves of data stolen from the company. Arizona-based Blue Yonder, which provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, was hit by a cyberattack on November 21. The…
-
Cyber-Bedrohungen 2024: Trends und Ausblick
by
in SecurityNewsCyberkriminelle haben 2024 mit QR-Code-Betrug, KI-gestützten Angriffen und Supply-Chain-Exploits neue Maßstäbe gesetzt. Unternehmen stehen vor einer wachsenden Bedrohungslandschaft, die ausgeklügelte Sicherheitsmaßnahmen erfordert, um proaktiv auf die Herausforderungen von 2025 vorbereitet zu sein. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/cyber-bedrohungen-2024-trends-und-ausblick/
-
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
by
in SecurityNewsIn yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security…
-
Supply chain compromise of Ultralytics AI library results in trojanized versions
by
in SecurityNewsAttackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.According to researchers from…
-
Supply chain attack compromises Solana Web3.js library
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-solana-web3-js-library
-
Ultralytics AI model hijacked to infect thousands with cryptominer
by
in SecurityNewsThe popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/
-
Morrisons recovers warehouse systems following attack on Blue Yonder
by
in SecurityNewsThe U.K. supermarket chain was one of several high-profile customers impacted by a ransomware attack against the supply chain management software provider. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/morrisons-recovers-attack-blue-yonder/734863/
-
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
by
in SecurityNewsCybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.Unlike the first…
-
Supply-Chain-Attacke: Solana web3.js-Bibliothek war mit Schadcode verseucht
by
in SecurityNewsUnbekannte Angreifer haben Solanas JavaScript-SDK mit Schadcode zum Stehlen von privaten Schlüsseln ausgestattet. First seen on heise.de Jump to article: www.heise.de/news/Supply-Chain-Attacke-Solana-web3-js-Bibliothek-war-mit-Schadcode-verseucht-10190374.html
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
Solana Library Supply Chain Attack Exposes Cryptocurrency Wallets
by
in SecurityNewsA supply chain attack on the Solana library utilizing malicious npm versions has exposed private keys, putting crypto funds at risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/solana-library-supply-chain-attack/
-
Supply-Chain-Angriff als Python-Wrapper getarnt – Tools für KI-Chatbots dienen als Wirt für Malware JarkaStealer
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/python-wrapper-malware-angriff-ki-chatbot-tools-a-872c9650c1f7686c184269cd3d67cc5d/
-
Daten zu mehr als 8.500 neuen Sicherheitslücken – CodeSentry 6.1 sichert die Software-Lieferkette ab
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/codesentry-6-1-binaercode-analyse-sicherheitsluecken-erkennung-a-88ba08971daaf9135059f8682f4e8890/
-
Solana Web3.js library backdoored to steal secret, private keys
by
in SecurityNewsThe legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solana-web3js-library-backdoored-to-steal-secret-private-keys/
-
Solana’s popular web3.js library backdoored in supply chain compromise
by
in SecurityNewsA software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/solana-web3-js-supply-chain-compromise/
-
Solana Web3.js Library Backdoored in Supply Chain Attack
by
in SecurityNewsSupply chain attack leads to decentralized application developers downloading backdoored versions of the Solana Web3.js library. The post Solana Web3.js Library Backdoored in Supply Chain Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/solana-web3-js-library-backdoored-in-supply-chain-attack/
-
Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library
by
in SecurityNewsCybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets.The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from…