Tag: supply-chain
-
Securing the Foundation: The Critical Role of Hardware in Supply Chain Attacks
As enterprises increasingly focus on supply chain security, a critical yet often overlooked element remains: hardware security. Many organizations fail to address the risks associated with underlying hardware, either due to misconceptions or the perceived complexity of mitigation efforts. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/securing-the-foundation-the-critical-role-of-hardware-in-supply-chain-attacks/
-
Securing the Software Supply Chain: Checkmarx One Expands its Offerings
Tags: ai, container, detection, exploit, programming, software, strategy, supply-chain, threat, tool
The software supply chain is under siege. Threat actors increasingly exploit weaknesses in code repositories, dependencies and mismanaged secrets to infiltrate and disrupt software development processes. In response, organizations are turning to robust strategies to safeguard their supply chains, including tools like SCA scanning, AI and container security, secrets detection and repository health monitoring. Checkmarx’s…
-
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese and American tech vendors. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/african-reliance-on-foreign-suppliers-boosts-insecurity
-
Bipartisan Senate bill targets supply chain threats from foreign adversaries
The bill would strengthen oversight powers for the body charged with investigating IT products from China and other foes. First seen on cyberscoop.com Jump to article: cyberscoop.com/federal-acquisition-security-council-improvement-act-supply-chain-security/
-
Lessons From OSC&R on Protecting the Software Supply Chain
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-from-osc-r-on-protecting-the-software-supply-chain
-
Amazon Employee Data Compromised in MOVEit Breach
The data leak was not actually due to a breach in Amazon’s systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/amazon-employee-data-compromised-moveit-breach
-
‘GoIssue’ Cybercrime Tool Targets GitHub Developers En Masse
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/goissue-cybercrime-tool-github-developers-en-masse
-
New GoIssue Tool Targets GitHub Devs And Corporate Supply Chains
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36585/New-GoIssue-Tool-Targets-GitHub-Devs-And-Corporate-Supply-Chains.html
-
GitLoker Strikes Again: New “GoIssue” Tool Targets GitHub Developers and Corporate Supply Chains
GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users. The post GitLoker Strikes Again: New “GoIssue
-
LottieFiles Issues Warning About Compromised lottie-player npm Package
LottieFiles has revealed that its npm package lottie-player was compromised as part of a supply chain attack, prompting it to release an updated versi… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/lottiefiles-issues-warning-about.html
-
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses “allow attackers to hijack important servers in the… First seen on thehackernews.com Jump…
-
Cyber attacks on the supply chain: companies should recognize the risks and take targeted preventive measures
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cyber-angriffe-lieferkette-unternehmen-risiken-erkennung-ziel-vorbeugung
-
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. “This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and…
-
The Global Effort to Maintain Supply Chain Security – Part Two
Various Cybersecurity Experts, CISO Global. A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory: every server, every piece of software, and even those firmware components lurking in the background. You wouldn’t want to cook without knowing exactly what ingredients are…
-
White House Outlines AI’s Role in National Security
The National Security Memorandum on Artificial Intelligence tasks various federal agencies with securing the AI supply chain from potential cyberattac… First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/white-house-outlines-ai-role-national-security
-
Supply Chain Attack Uses Smart Contracts for C2 Ops
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/supply-chain-attack-smart/
-
Ethereum Smart Contracts Enable Evasive C2 in New Supply Chain Attack
A recent report from the Checkmarx Security Research Team reveals a sophisticated supply chain attack targeting the NPM ecosystem. The attack involves a malicious package, jest-fet-mock, which uses Ethereum smart... First seen on securityonline.info Jump to article: securityonline.info/ethereum-smart-contracts-enable-evasive-c2-in-new-supply-chain-attack/
-
LottieFiles Supply Chain Attack Exposes Users To Wallet Drainer
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36537/LottieFiles-Supply-Chain-Attack-Exposes-Users-To-Wallet-Drainer.html
-
Supply Chain Attack on Popular Animation Library Lottie-Player Targets Web3 Users
In a sophisticated supply chain attack, malicious actors infiltrated the widely-used JavaScript library lottie-player, injecting code that opens a Web… First seen on securityonline.info Jump to article: securityonline.info/supply-chain-attack-on-popular-animation-library-lottie-player-targets-web3-users/
-
DEF CON 32 The Edges Of Surveillance System And Its Supply Chain
Tags: supply-chain
Authors/Presenters: Chanin Kim, Myounghun Pak. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-the-edges-of-surveillance-system-and-its-supply-chain/
-
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized fin… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/31/lottie-player-compromise/
-
Heise meets… Exploding pagers are classic supply chain attacks
Tags: supply-chain
First seen on heise.de Jump to article: www.heise.de/news/Heise-meets-Explodierende-Pager-sind-klassische-Supply-Chain-Attacken-9999177.html
-
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets
LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft. The post Lottie-Player … First seen on securityweek.com Jump to article: www.securityweek.com/lottie-player-supply-chain-attack-targets-cryptocurrency-wallets/
-
LottieFiles confirmed a supply chain attack on Lottie-Player
LottieFiles confirmed a supply chain attack on Lottie-Player, and threat actors targeted cryptocurrency wallets to steal funds. LottieFiles confirmed … First seen on securityaffairs.com Jump to article: securityaffairs.com/170441/hacking/lottiefiles-confirmed-a-supply-chain-attack-on-lottie-player.html
-
Compliance is Key: How GDPR CCPA Shape Secure Supply Chains
In the modern, globalized business environment, data security and privacy measures are not just necessary but essential, as supply chains cut across b… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/strengthening-supply-chain-security/
-
Supply chain attack compromises LottieFiles npm package with crypto drainer
First seen on scworld.com Jump to article: www.scworld.com/brief/supply-chain-attack-compromises-lottiefiles-npm-package-with-crypto-drainer