Tag: supply-chain
-
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html
-
CodeSecDays 2024: A Deep Dive in Software Supply Chain Security
Explore key insights from CodeSecDays 2024 on software supply chain security. Learn about AI in DevSecOps, SLSA frameworks, developer-security collabo… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/codesecdays-2024-a-deep-dive-in-software-supply-chain-security/
-
Building A Simple Neural Network Backdoor
Vulnerabilities in supply chains aren’t a new topic and have quite a bit of focus from both a hardware and software perspective. With this post, … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2020/10/29/building-a-simple-neural-network-backdoor/
-
Judge Dismisses Major SEC Charges Against SolarWinds and CISO
Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compro… First seen on securityweek.com Jump to article: www.securityweek.com/judge-dismisses-major-sec-charges-against-solarwinds-and-ciso/
-
Malicious NuGet Campaign Exploits Homoglyphs and Code Injection to Fool Developers
ReversingLabs, a leading software supply chain security firm, has uncovered a sophisticated malicious campaign targeting the NuGet package manager, a … First seen on securityonline.info Jump to article: securityonline.info/malicious-nuget-campaign-exploits-homoglyphs-and-code-injection-to-fool-developers/
-
Cyber security along the supply chain: Companies must return to the basics
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cyber-sicherheit-lieferkette-unternehmen-muss-grundlagen-besinnung
-
‘NullBulge’ threat actor targets software supply chain, AI tech
SentinelOne published new research detailing NullBulge, an emerging ransomware actor that recently claimed to have stolen data from Disney’s internal … First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366596133/NullBulge-threat-actor-targets-software-supply-chain-AI-tech
-
Dark Web Monitoring: How darknet crawling protects the supply chain
To prevent supply chain disruption in the first place, companies should know the cyber risk exposure of their suppliers. Not every supplier is… First seen on csoonline.com Jump to article: www.csoonline.com/de/a/wie-darknet-crawling-die-lieferkette-schuetzt
-
OSCR Report Exposes Software Supply Chain Security Vulnerabilities
First Annual Report Analyzes Millions of Vulnerabilities Against the Industry’s First Supply-Chain Specific Attack Matrix Software is the foundation o… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/oscr-report-exposes-software-supply-chain-security-vulnerabilities/
-
Vulnerability in Cocoapods uncovered – millions of iOS apps vulnerable to supply chain attack
First seen on security-insider.de Jump to article: www.security-insider.de/cocoapods-sicherheitsluecke-ios-macos-apps-a-9cfb5272ebf1664d7d6cab007968df74/
-
Researchers Warn of Widespread Polyfill Supply Chain Attack
First seen on duo.com Jump to article: duo.com/decipher/researchers-warn-of-widespread-polyfill-supply-chain-attack
-
Trojanized jQuery Packages Spread via ‘Complex’ Supply Chain Attack
The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typ… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/trojanized-jquery-packages-complex-supply-chain-attack
-
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censy… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html
-
Ongoing NuGet supply chain attack involves dozens new malicious packages
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/ongoing-nuget-supply-chain-attack-involves-dozens-new-malicious-packages
-
Supply chain attack spreads trojanized jQuery packages
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/supply-chain-attack-spreads-trojanized-jquery-packages
-
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to st… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
-
Eclypsium and Everfox Partner to Deliver Enhanced Security for the Technology Supply Chain of the U.S. Government
Portland, OR, July 11, 2024 - Eclypsium, the leader in digital supply chain security for enterprise hardware, firmware and software infrastructure, today… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/eclypsium-and-everfox-partner-to-deliver-enhanced-security-for-the-technology-supply-chain-of-the-u-s-government/
-
97 FTSE 100 firms exposed to supply chain breaches
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366587593/97-FTSE-100-firms-exposed-to-supply-chain-breaches
-
Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk
Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HT… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/polyfill-io-supply-chain-attack-malicious-javascript-injection-puts-over-100k-websites-at-risk/
-
Apple CocoaPods Bugs Expose Millions of Apps to Code Injection
Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of dec… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
-
Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack
First seen on techrepublic.com Jump to article: www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/
-
Practical Guidance For Securing Your Software Supply Chain
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their softw… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/practical-guidance-for-securing-your.html
-
Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over … First seen on securityaffairs.com Jump to article: securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html
-
Almost Every Apple Device Vulnerable To CocoaPods Supply Chain Attack
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36053/Almost-Every-Apple-Device-Vulnerable-To-CocoaPods-Supply-Chain-Attack.html
-
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/over-110000-websites-affected-by.html
-
Cybersecurity in the supply chain: How to protect your software supply chain
Software supply chains are under pressure: a vulnerability along the supply chain can lead to a large number of victims. Here is how companies… First seen on csoonline.com Jump to article: www.csoonline.com/de/a/wie-sie-ihre-software-supply-chain-schuetzen
-
Over 380,000+ Hosts Embedding Polyfill JS script Linking to Malicious Domain
Over 380,000 web hosts have been found embedding a compromised Polyfill.io JavaScript script, linking to a malicious domain. This supply chain attack … First seen on gbhackers.com Jump to article: gbhackers.com/hosts-embedding-polyfill-js/
-
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/polyfill-supply-chain-richixb/
-
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys’ Tim Mackey believes AI could help cre… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366586557/How-AI-could-bolster-software-supply-chain-security
-
CocoaPods: Vulnerable to supply chain attacks in countless Mac and iOS apps
The open-source dependency manager is found in millions of Swift and Objective-C programs. Apparently, for almost a decade the… First seen on heise.de Jump to article: www.heise.de/news/CocoaPods-Anfaellig-fuer-Supply-Chain-Angriffe-in-zahllosen-Mac-und-iOS-Apps-9786099.html

