Tag: supply-chain
-
GitLoker Strikes Again: New "Goissue" Tool Targets GitHub Developers and Corporate Supply Chains
in SecurityNews
GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users.
-
LottieFiles Issues Warning About Compromised lottie-player npm Package
in SecurityNews
LottieFiles has revealed that its npm package lottie-player was compromised as part of a supply chain attack, prompting it to release an updated versi…
First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/lottiefiles-issues-warning-about.html
-
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
in SecurityNews
Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses “allow attackers to hijack important servers in the …
First seen on thehackernews.com Jump…
-
Cyber Attacks on the Supply Chain: Companies Should Recognize Risks and Take Targeted Preventive Action
in SecurityNews
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cyber-angriffe-lieferkette-unternehmen-risiken-erkennung-ziel-vorbeugung
-
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
in SecurityNews
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. “This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and…
-
The Global Effort to Maintain Supply Chain Security – Part Two
in SecurityNews
Various Cybersecurity Experts, CISO Global
A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory: every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are…
-
White House Outlines AI’s Role in National Security
in SecurityNews
The National Security Memorandum on Artificial Intelligence tasks various federal agencies with securing the AI supply chain from potential cyberattac…
First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/white-house-outlines-ai-role-national-security
-
Supply Chain Attack Uses Smart Contracts for C2 Ops
in SecurityNews
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/supply-chain-attack-smart/
-
Ethereum Smart Contracts Enable Evasive C2 in New Supply Chain Attack
in SecurityNews
A recent report from the Checkmarx Security Research Team reveals a sophisticated supply chain attack targeting the NPM ecosystem. The attack involves a malicious package, jest-fet-mock, which uses Ethereum smart...
First seen on securityonline.info Jump to article: securityonline.info/ethereum-smart-contracts-enable-evasive-c2-in-new-supply-chain-attack/
-
LottieFiles Supply Chain Attack Exposes Users To Wallet Drainer
in SecurityNews
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36537/LottieFiles-Supply-Chain-Attack-Exposes-Users-To-Wallet-Drainer.html
-
Supply Chain Attack on Popular Animation Library Lottie-Player Targets Web3 Users
in SecurityNews
In a sophisticated supply chain attack, malicious actors infiltrated the widely-used JavaScript library lottie-player, injecting code that opens a Web…
First seen on securityonline.info Jump to article: securityonline.info/supply-chain-attack-on-popular-animation-library-lottie-player-targets-web3-users/
-
DEF CON 32 The Edges Of Surveillance System And Its Supply Chain
in SecurityNews
Tags: supply-chain
Authors/Presenters: Chanin Kim, Myounghun Pak
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 …
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-the-edges-of-surveillance-system-and-its-supply-chain/
-
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
in SecurityNews
A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized fin…
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/31/lottie-player-compromise/
-
Heise meets… Exploding Pagers Are Classic Supply Chain Attacks
in SecurityNews
Tags: supply-chain
First seen on heise.de Jump to article: www.heise.de/news/Heise-meets-Explodierende-Pager-sind-klassische-Supply-Chain-Attacken-9999177.html
-
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets
in SecurityNews
LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.
First seen on securityweek.com Jump to article: www.securityweek.com/lottie-player-supply-chain-attack-targets-cryptocurrency-wallets/
-
LottieFiles confirmed a supply chain attack on Lottie-Player
in SecurityNews
LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors targeted cryptocurrency wallets to steal funds.
First seen on securityaffairs.com Jump to article: securityaffairs.com/170441/hacking/lottiefiles-confirmed-a-supply-chain-attack-on-lottie-player.html
-
Compliance is Key: How GDPR and CCPA Shape Secure Supply Chains
in SecurityNews
In the modern, globalized business environment, data security and privacy measures are not just necessary but essential, as supply chains cut across b…
First seen on thecyberexpress.com Jump to article: thecyberexpress.com/strengthening-supply-chain-security/
-
Supply chain attack compromises LottieFiles npm package with crypto drainer
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-lottiefiles-npm-package-with-crypto-drainer
-
Why Supply Chain Security Demands Focus on Hardware
in SecurityNews
Supply chain security for servers, PCs, laptops, and devices has correctly focused on protecting these systems from vulnerabilities introduced through…
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/why-supply-chain-security-demands-focus-on-hardware/
-
LottieFiles hacked in supply chain attack to steal users’ crypto
in SecurityNews
The popular LottieFiles Lottie-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors’ c…
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lottiefiles-hacked-in-supply-chain-attack-to-steal-users-crypto/
-
Fortanix and Sectigo partner to automate software supply chain security
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/fortanix-and-sectigo-partner-to-automate-software-supply-chain-security
-
LottieFiles hit in npm supply chain attack targeting users’ crypto
in SecurityNews
LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so the…
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/
-
Socket lands a fresh $40M to scan software for security flaws
in SecurityNews
The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent surve…
First seen on techcrunch.com Jump to article: techcrunch.com/2024/10/22/socket-lands-a-fresh-40m-to-scan-software-for-security-flaws/
-
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
in SecurityNews
First seen on techcrunch.com Jump to article: techcrunch.com/2024/10/22/researchers-link-polyfill-supply-chain-attack-to-huge-network-of-copycat-gambling-sites/
-
Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
in SecurityNews
A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Ident…
First seen on securityaffairs.com Jump to article: securityaffairs.com/170324/security/third-party-identities-cybersecurity-supply-chain.html
-
Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management
in SecurityNews
First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/supply-chain-cybersecurity-traditional-vendor-risk-management
-
US Energy Sector Vulnerable to Supply Chain Attacks
in SecurityNews
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-energy-vulnerable-supply-chain/
-
Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware
in SecurityNews
Kaspersky Labs has identified a new cybercriminal group dubbed Crypt Ghouls, responsible for a series of ransomware attacks against Russian businesses…
First seen on securityonline.info Jump to article: securityonline.info/supply-chain-weakness-crypt-ghouls-exploit-contractors-to-deploy-ransomware/
-
Massive copycat gambling site network leveraged in Polyfill supply chain attack
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/massive-copycat-gambling-site-network-leveraged-in-polyfill-supply-chain-attack