Tag: supply-chain
-
US Treasury Department workstations breached in attack attributed to China
Tags: access, advisory, apt, attack, banking, ceo, china, cloud, cybersecurity, government, hacking, infrastructure, intelligence, microsoft, russia, saas, service, supply-chain, threat, update, vulnerabilityThe US Department of the Treasury revealed on Monday that an attacker was able to bypass security, access an undisclosed number of Treasury workstations, and steal “certain unclassified documents,” in what it called a “major cybersecurity incident”.In a letter to the US Senate’s Committee on Banking, Housing and Urban Affairs, the Treasury Department said that…
-
Chrome extensions compromised in Christmas Day supply chain attack
First seen on scworld.com Jump to article: www.scworld.com/news/chrome-extensions-compromised-in-christmas-day-supply-chain-attack
-
Hacking campaign compromised at least 16 Chrome browser extensions
Threat actors compromised at least 16 Chrome browser extensions leading to the exposure of data from over 600,000 users. A supply chain attack compromised 16 Chrome browser extensions, exposing over 600,000 users. Threat actors targeted the publishers of the extensions on the Chrome Web Store via phishing messages, then once obtained access to their account…
-
10 of the biggest ransomware attacks in 2024
Ransomware attacks against U.S. organizations in 2024 disrupted healthcare systems, supply chains and government services and led to tens of millions of dollars in ransom payments. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617564/10-of-the-biggest-ransomware-attacks-in-2024
-
Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago. The post Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyberhaven-chrome-extension-hack-linked-to-widening-supply-chain-campaign/
-
Supply Chain Resilience and Physical Security: Lessons for 2025
Physical and software supply chain risks make up an increasingly large part of the threat landscape. Here are the evolving risks – and solutions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/supply-chain-resilience-for-2025/
-
Supply chain attack compromises rspack, Vant packages with XMRig cryptominer
First seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-rspack-vant-packages-with-xmrig-cryptominer
-
Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats. First seen on hackread.com Jump to article: hackread.com/supply-chain-attack-rspack-vant-npm-monero-miner/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 25
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion Spyware distributed through Amazon Appstore BADBOX Botnet Is Back Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware 4.5 Million (Suspected) Fake Stars in GitHub: A Growing…
-
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry.…
-
Supply Chain Risk Mitigation Must Be a Priority in 2025
A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/supply-chain-risk-mitigation-priority-2025
-
Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace
Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability of the platform to supply chain attacks similar to those previously seen in the npm community. Malicious actors are increasingly exploiting npm packages to distribute malicious code, mirroring tactics previously used in VSCode extensions that involve the npm package etherscancontracthandler,…
-
IAM Predictions for 2025: Identity as the Linchpin of Business Resilience
Tags: access, ai, apple, attack, authentication, banking, breach, business, cloud, compliance, corporate, credentials, crime, data, deep-fake, detection, finance, iam, identity, malicious, microsoft, mobile, office, passkey, password, privacy, regulation, resilience, risk, service, supply-chain, theft, threat, tool, vulnerabilityIAM Predictions for 2025: Identity as the Linchpin of Business Resilience madhav Thu, 12/19/2024 – 05:33 As we look toward 2025, the lessons of 2024 serve as a stark reminder of the rapidly evolving identity and access management (IAM) landscape. The numbers tell the story: The latest Identity Theft Resource Center report indicates that consumers…
-
Malicious Microsoft VSCode extensions target devs, crypto community
Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-microsoft-vscode-extensions-target-devs-crypto-community/
-
New Attacks Exploit VSCode Extensions and npm Packages
Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-exploit-vscode/
-
Key strategies to enhance cyber resilience
Tags: attack, awareness, backup, banking, breach, business, ceo, compliance, control, crowdstrike, cyber, cybersecurity, data, finance, government, group, healthcare, incident, incident response, infrastructure, insurance, metric, network, phishing, programming, ransom, ransomware, resilience, risk, security-incident, service, skills, software, strategy, supply-chain, technology, threat, training, update, vulnerability, windowsThe faulty CrowdStrike software update that triggered IT outages on a global scale in July was a sobering reminder of the importance of incident response and business continuity plans.The update caused more than eight million Windows devices to crash and take down with them airline reservation systems, hospital and government services, financial and banking applications…
-
Sonar Expands to Third-Party Code Security with Tidelift Buy
Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps. The integration of Tidelift into Sonar’s ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code. First seen on govinfosecurity.com Jump…
-
Harnessing Threat Intel and Automation to Counter Supply Chain Risks
First seen on scworld.com Jump to article: www.scworld.com/perspective/harnessing-threat-intel-and-automation-to-counter-supply-chain-risks
-
All Major European Financial Firms Suffer Supplier Breaches
SecurityScorecard claims 100% of Europe’s top financial services companies have suffered a supply chain breach in the past year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/all-europes-top-financial-firms/
-
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/
-
Sinkendes Sicherheitsniveau und verschärfte Rahmenbedingungen belasten Developer
Tags: supply-chainDer neue Snyk-Report zeigt: Wachsende Anforderungen und unzureichende Supply-Chain-Sicherheit überfordern Teams. Dennoch sind OSS-Projekte im Vorteil. First seen on heise.de Jump to article: www.heise.de/news/Sinkendes-Sicherheitsniveau-und-verschaerfte-Rahmenbedingungen-belasten-Developer-10198335.html
-
Time of Reckoning Reviewing My 2024 Cybersecurity Predictions
Tags: ai, attack, automation, awareness, breach, business, chatgpt, china, compliance, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, disinformation, election, espionage, exploit, healthcare, incident response, infrastructure, jobs, law, linkedin, malware, monitoring, moveIT, phishing, privacy, ransomware, regulation, risk, russia, service, software, supply-chain, technology, threat, tool, ukraine, update, vulnerability, warfare, zero-dayThe brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…
-
Yearlong supply-chain attack targeting security pros steals 390K credentials
Multifaceted, high-precision campaign targets malicious and benevolent hackers alike. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/