Tag: supply-chain
-
Cyberint’s 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing
Cyberint, a Check Point company, has released its 2024 Cyber Security Landscape Report, painting a concerning picture of the evolving threat landscape. The report, drawing on data from the Cyberint Argos Platform, analysed 140,000 cyber threat alerts across critical industries, revealing a 333% surge in credential theft, a significant rise in supply chain attacks, and…
-
Ultralytics Supply-Chain Attack
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ”, which has almost 60 million downloads”, was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading…
-
KI-gestützte Bedrohungen und Schwachstellen in der Lieferkette dominieren Europas Bedrohungslandschaft
Cyberint, ein Unternehmen von Check Point, stellt in neuestem Bericht einen Anstieg von 333 Prozent bei Datendiebstählen fest und warnt vor KI-getriebener Ransomware. Cyberint, jetzt Check Point External Risk Management, hat in seinem Bericht alarmierende Erkenntnisse veröffentlicht, welche die rasante Entwicklung von Cyber-Bedrohungen behandeln. Der Bericht zeigt einen Anstieg des […] First seen on netzpalaver.de…
-
KI-gestützte Bedrohungen und Schwachstellen in der Lieferkette dominieren in Europa
Der Bericht ‘Europe Threat Landscape Report 2024-2025″ bietet Organisationen ein hilfreiches Framework, um sich in der Cyber-Bedrohungslandschaft zurechtzufinden und auf die bevorstehenden Herausforderungen vorbereiten zu können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-gestuetzte-bedrohungen-und-schwachstellen-in-der-lieferkette-dominieren-in-europa/a39257/
-
IT pros say hackers could compromise device supply chain, firmware security
First seen on scworld.com Jump to article: www.scworld.com/news/it-pros-say-hackers-could-compromise-device-supply-chain-firmware-security
-
Checkmarx CEO: Evolving Supply Chain Threats Demand Action
Checkmarx’s Sandeep Johri Details Malicious Code, AI Risks in Application Security. As software complexities grow, supply chain security is now essential to application security, according to Sandeep Johri, Checkmarx CEO. Johri discusses the challenges of malicious code, adversarial AI and the market’s call for consolidated security platforms. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/checkmarx-ceo-evolving-supply-chain-threats-demand-action-a-27040
-
Cardiac surgery device manufacturer falls prey to ransomware
Tags: attack, breach, business, cyber, cyberattack, cybercrime, data, group, hacker, healthcare, ransom, ransomware, service, supply-chainThe healthcare industry has been increasingly in the crosshairs of cyberattackers this year, with ransomware near the top of the sector’s biggest cyber threats. Hackers are attacking IT systems and personal data, among other things, with the aim of manipulation or theft. But it’s not just hospitals that are affected by cyberattacks; their suppliers are under attack as well.…
-
Containers have 600+ vulnerabilities on average
Containers are the fastest growing and weakest cybersecurity link in software supply chains, according to NetRise. Companies are struggling to get container … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/11/containers-security-concerns/
-
Lessons From the Largest Software Supply Chain Incidents
The software supply chain is a growing target, and organizations need to take special care to safeguard it. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/lessons-largest-software-supply-chain-incidents
-
Blue Yonder investigating data leak claim following ransomware attack
The software supply chain company is widening its investigation after Termite ransomware leaked data it claims is linked to the attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/blue-yonder-data-leak-ransomware/734987/
-
Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/operation-digital-eye-attack-targets-european-it-orgs
-
Moody’s: Hackers Aim for Big Payouts, Supply Chain Attacks
Big Game Hunting Will Intensify in 2025, Says Credit Rating Agency. Improved cybersecurity will result in ransomware hackers targeting larger organizations to wring out high dollar extortion payments and intensified focus on supply chain attacks, predicts Moody’s Ratings. The share of ransomware victims willing to meet criminal demands for money is at record lows. First…
-
Supply chain attack compromises Ultralytics AI model
First seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-ultralytics-ai-model
-
Update your OpenWrt router! Security issue made supply chain attack possible
A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
-
35 more Semgrep rules: infrastructure, supply chain, and Ruby
By Matt Schwager and Travis Peters We are publishing another set of custom Semgrep rules, bringing our total number of public rules to 115. This blog post will briefly cover the new rules, then explore two Semgrep features in depth: regex mode (especially how it compares against generic mode), and HCL language support for technologies……
-
OpenWrt orders router firmware updates after supply chain attack scare
A couple of bugs lead to a potentially bad time First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/
-
Ultralytics AI Library with 60M Downloads Compromised for Cryptomining
Another day, another supply chain attack! First seen on hackread.com Jump to article: hackread.com/ultralytics-ai-library-compromised-for-cryptomining/
-
Ultralytics YOLO AI model compromised in supply chain attack
While Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports emerged that they contained a cryptominer. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366616877/Ultralytics-YOLO-AI-model-compromised-in-supply-chain-attack
-
Blue Yonder investigating data theft claims after ransomware gang takes credit for cyberattack
Supply chain software giant Blue Yonder says it is investigating claims of data theft after a ransomware gang threatened to publish troves of data stolen from the company. Arizona-based Blue Yonder, which provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, was hit by a cyberattack on November 21. The…
-
Cyber-Bedrohungen 2024: Trends und Ausblick
Cyberkriminelle haben 2024 mit QR-Code-Betrug, KI-gestützten Angriffen und Supply-Chain-Exploits neue Maßstäbe gesetzt. Unternehmen stehen vor einer wachsenden Bedrohungslandschaft, die ausgeklügelte Sicherheitsmaßnahmen erfordert, um proaktiv auf die Herausforderungen von 2025 vorbereitet zu sein. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/cyber-bedrohungen-2024-trends-und-ausblick/
-
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security…
-
Supply chain compromise of Ultralytics AI library results in trojanized versions
Attackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.According to researchers from…
-
Supply chain attack compromises Solana Web3.js library
First seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-solana-web3-js-library
-
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/
-
Morrisons recovers warehouse systems following attack on Blue Yonder
The U.K. supermarket chain was one of several high-profile customers impacted by a ransomware attack against the supply chain management software provider. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/morrisons-recovers-attack-blue-yonder/734863/
-
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.Unlike the first…
-
Supply-Chain-Attacke: Solana web3.js-Bibliothek war mit Schadcode verseucht
Unbekannte Angreifer haben Solanas JavaScript-SDK mit Schadcode zum Stehlen von privaten Schlüsseln ausgestattet. First seen on heise.de Jump to article: www.heise.de/news/Supply-Chain-Attacke-Solana-web3-js-Bibliothek-war-mit-Schadcode-verseucht-10190374.html