Tag: supply-chain
-
Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets
The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. T… First seen on securityweek.com Jump to article: www.securityweek.com/sisense-data-breach-triggers-cisa-alert-and-urgent-calls-for-credential-resets/
-
XZ Utils Incident: Open Source as a Software Supply Chain Trap
Open-source development is often praised because the projects are publicly accessible and can therefore be reviewed by independent parties… First seen on netzpalaver.de Jump to article: netzpalaver.de/2024/04/08/xz-utils-vorfall-open-source-als-software-supply-chain-falle/
-
XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor
First seen on techrepublic.com Jump to article: www.techrepublic.com/article/xz-backdoor-linux/
-
Breach Roundup: Sisense Supply Chain Attack
Also: A Romanian Botnet and Alcohol Counselor Monument Settles with US FTC Over Ads. This week, Sisense supply chain attack, a likely Romanian botnet,… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-sisense-supply-chain-attack-a-24841
-
Supply chain SNAFU causes Intel and others to ship hackable hardware for 5 years
First seen on arstechnica.com Jump to article: arstechnica.com/
-
Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions… First seen on hackread.com Jump to article: www.hackread.com/hugging-face-vulnerability-ai-supply-chain-attack/
-
Eclypsium’s Digital Supply Chain Security Platform Releases AI-Assisted Binary Analysis Engine
New Eclypsium Automata replicates expert security researchers’ knowledge and leverages advances in machine learning to discover threats, backdoors, an… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/eclypsiums-digital-supply-chain-security-platform-releases-ai-assisted-binary-analysis-engine/
-
Open-Source Foundations Join Forces on Digital Supply Chain
Europe’s Cyber Resilience Act Pressures Open-Source Foundations and Manufacturers. Foundations housing seven large open-source projects are banding to… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/open-source-foundations-join-forces-on-digital-supply-chain-a-24804
-
XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack
First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/xz-utils-backdoor-implanted-in-intricate-multi-year-supply-chain-attack
-
The Cybersecurity of Germany's Top 100 Companies – Supply Chain Risks in the Digital Ecosystem
First seen on security-insider.de Jump to article: www.security-insider.de/cybersecurity-report-sicherheitsverletzungen-durch-dritte-2023-a-10968662af0dfc4e66f7f924dcacbf46/
-
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organizati… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html
-
XZ and the Threats to the Digital Supply Chain
The discovery of the backdoor in xz utils compression software last week has shone a spotlight on the threats to the digital supply chain. Wired has a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/xz-and-the-threats-to-the-digital-supply-chain/
-
Trusted Contributor Plants Sophisticated Backdoor in Critical Open-Source Library
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft res… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/backdoor-xz-utils-linux-open-source/
-
New XZ backdoor scanner detects implant in any Linux binary
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/
-
The Open-Source Backdoor That Almost Compromised SSH
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the nece… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/the-open-source-backdoor-that-almost-compromised-ssh/
-
Top 5 Vulnerabilities for March 2024: A Closer Look at the XZ Utils Supply Chain Attack
March may have roared in like a lion, but for cybersecurity professionals, it was more like a backdoor sneaking into a critical utility. This month, w… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/top-5-vulnerabilities-for-march-2024-a-closer-look-at-the-xz-utils-supply-chain-attack/
-
GitHub Developers Hit in Complex Supply Chain Cyberattack
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-developers-hit-in-complex-supply-chain-cyberattack
-
170K+ Python Developers GitHub Accounts Hacked in Supply Chain Attack
Over 170,000 users have fallen victim to a meticulously orchestrated scheme exploiting the Python software supply chain. The Checkmarx Research team h… First seen on gbhackers.com Jump to article: gbhackers.com/170k-user-accounts-hacked/
-
Complex Supply Chain Attack Targets GitHub Developers
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform,… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/complex-supply-chain-attack-targets-github-developers/
-
Developers Hacked In Sophisticated Supply Chain Attack
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35694/Developers-Hacked-In-Sophisticated-Supply-Chain-Attack.html
-
75% of third-party breaches target software, IT supply chains
First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366571699/75-of-third-party-breaches-target-software-IT-supply-chains
-
Binarly Attracts $10.5M to Tackle Software Supply Chain Security
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. First seen on securityweek.com Jump to article: www.securityweek.com/binarly-attracts-10-5m-to-tackle-software-supply-chain-security/
-
Top.gg, others targeted by software supply chain attack
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/top-gg-others-targeted-by-software-supply-chain-attack
-
Hackers poison source code from largest Discord bot platform
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that st… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-poison-source-code-from-largest-discord-bot-platform/
-
Eclypsium Announces New Global Partnership Program
Following record results in FY23, company prioritizes channel momentum. Portland, OR, March 26, 2024: Eclypsium, the digital supply chain security comp… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/eclypsium-announces-new-global-partnership-program/
-
Top Python Developers Hacked in Sophisticated Supply Chain Attack
Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama. First seen on securityweek.com Jump to article: www.securityweek.com/top-python-developers-hacked-in-sophisticated-supply-chain-attack/
-
Finite State Raises $20 Million to Grow Software Supply Chain Security Business
Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP). First seen on securityweek.com Jump to article: www.securityweek.com/finite-state-raises-20-million-to-grow-software-supply-chain-security-business/
-
ML Model Repositories: The Next Big Supply Chain Attack Target
Machine-learning model platforms like Hugging Face are susceptible to the same kind of attacks that threat actors have executed successfully for years… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/ml-model-repositories-next-big-supply-chain-attack-target
-
Watch Now: Supply Chain & Third-Party Risk Summit 2024
Join us for the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues. First seen on securityweek.com Jump to article: www.securityweek.com/virtual-event-today-supply-chain-third-party-risk-summit-2024/
-
Linux Supply Chain Validation Cheat Sheet
Linux provides several tools and techniques that allow users to query systems for information about hardware and firmware (This post builds on our pre… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/linux-supply-chain-validation-cheat-sheet/

