The Cyber Express
Cencora Data Breach Far More Widespread than Earlier Thought
The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical
Cyber Security News
TriangleDB: this malware infection chain consists of a malicious iMessage attachment that launches a chain of exploits on affected devices.
Security Magazine
59% of organizations experienced a software supply chain attack, with 54% of these respondents having experienced one in the past year.
SecurityWeek
Software supply chain security fears escalated with the discovery of "deliberate sabotage" of code in the open-source npm package manager ecosystem.
DataBreaches
Sergiu Gatlan reports: An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to...
Security Affairs
Crypto platform Orbit Chain suffered a cyberattack; threat actors stole more than $81 million worth of cryptocurrency.
CSO
Survey finds a significant jump in software supply chain attacks after the Log4j vulnerability was exposed.
Bleeping Computer
GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.
Computerworld
Biometrics are supposed to be a fundamental pillar of modern authentication. Unfortunately, for a wide range of reasons and in a variety of ways, many biometric implementations are wildly inaccurate.
DataBreaches
The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier’s code. Supply chain attacks...
The Hacker News
Open Source Boon or Bane? Your Code's Hidden Vulnerabilities Exposed! Traditional SCAs fall short against stealthy supply chain attacks.
Security Affairs
Checkmarx researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks; according to the experts, the attackers used advanced techniques. […]
The Hacker News
Active supply chain attack targets popular voice & video conferencing software 3CX Desktop App, affecting hundreds of well-known brands.
Bleeping Computer
Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin.
SecurityWeek
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
SecurityWeek
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of secrets sprawl -- API keys, usernames and passwords, and security certificates -- exposing weaknesses in the software supply chain.
Trend Micro
This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms.
SecurityWeek
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
Bleeping Computer
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
SecurityWeek
The LockBit ransomware group claims to have stolen hundreds of gigabytes of data from US sandwich chain Subway.
CSO
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
Security Affairs
A supply chain attack against crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets.
Security Affairs
The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply chain attacks. NIST has published the “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations” in response to the Executive Order […]
The Hacker News
Newly discovered supply chain vulnerabilities found in MegaRAC BMC software affect servers from many vendors and could allow remote code execution.
Bleeping Computer
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
Infosecurity News
ESET explained that the impact of the supply chain attack translated to a 16.8% increase in Trojan detections.
Bleeping Computer
HashiCorp, maker of open-source software tools including Vault, has disclosed a security incident that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key.
Infosecurity News
The UK National Cyber Security Centre’s new guidance breaks down the essentials of a good supply chain mapping (SCM) list.
Infosecurity News
Organizations need to be aware of a range of factors when managing their supply chain risk, says (ISC)2's CISO, Jon France
Ars Technica
When UNC4841 infected gov't and military networks, it was just getting started.
Security Affairs
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations.
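The teaser above concerns kubeconfig files that embed credentials and end up in public repositories or buckets. As an added example (not code from the original page or from the researchers cited), the following scanner walks a kubeconfig line by line, flags the keys that carry credential material, and base64-decodes the inline `*-data` fields to tell an embedded private key apart from a public certificate. The sample kubeconfig, the key names in `SENSITIVE_KEYS` and the placeholder PEM bodies are constructed for illustration.

```python
import base64
import re
from typing import Dict, List, Optional

# kubeconfig keys that carry credentials. The "*-data" variants hold base64
# material inline instead of a path, so leaking the file leaks the secret.
SENSITIVE_KEYS = {
    "client-key-data": "embedded TLS private key",
    "client-certificate-data": "embedded client certificate",
    "token": "bearer token",
    "password": "basic-auth password",
    "refresh-token": "OIDC refresh token",
    "id-token": "OIDC id token",
}

# Matches "key: value" lines in YAML (or "key": "value" in JSON-style kubeconfigs).
LINE_RE = re.compile(r'^\s*"?([A-Za-z][A-Za-z0-9-]*)"?\s*:\s*(.+?)\s*$')


def pem_type(b64: str) -> Optional[str]:
    """Decode an inline *-data value and return its PEM label, or None if not PEM."""
    try:
        text = base64.b64decode(b64, validate=True).decode("ascii", errors="replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    m = re.search(r"-----BEGIN ([A-Z ]+)-----", text)
    return m.group(1) if m else None


def scan_kubeconfig(text: str) -> List[Dict[str, object]]:
    """Return one finding per credential-bearing key, with a redacted preview."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip().strip('",')
        if key not in SENSITIVE_KEYS or raw in ("", "|", "null", "~"):
            continue
        finding: Dict[str, object] = {
            "line": lineno,
            "key": key,
            "kind": SENSITIVE_KEYS[key],
            # Never log the secret itself; keep a short prefix and the length.
            "preview": f"{raw[:4]}...({len(raw)} chars)",
        }
        if key.endswith("-data"):
            label = pem_type(raw)
            if label:
                finding["pem"] = label
        findings.append(finding)
    return findings


def private_material(findings: List[Dict[str, object]]) -> List[str]:
    """Keys whose leak grants cluster access: private keys and any tokens/passwords."""
    return [
        str(f["key"]) for f in findings
        if "PRIVATE KEY" in str(f.get("pem", "")) or not str(f["key"]).endswith("-data")
    ]


# Constructed sample: placeholder PEM bodies, not real key material.
FAKE_KEY_PEM = "-----BEGIN EC PRIVATE KEY-----\nPLACEHOLDER\n-----END EC PRIVATE KEY-----\n"
FAKE_CERT_PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
SAMPLE_KUBECONFIG = f"""apiVersion: v1
kind: Config
clusters:
- name: prod
  cluster:
    server: https://10.0.0.1:6443
    certificate-authority: /etc/kubernetes/pki/ca.crt
users:
- name: deployer
  user:
    client-certificate-data: {base64.b64encode(FAKE_CERT_PEM.encode()).decode()}
    client-key-data: {base64.b64encode(FAKE_KEY_PEM.encode()).decode()}
- name: ci-bot
  user:
    token: ci-bot-token-placeholder-0123456789
- name: safe
  user:
    client-key: /home/dev/.kube/deployer.key
current-context: prod
"""

if __name__ == "__main__":
    for f in scan_kubeconfig(SAMPLE_KUBECONFIG):
        print(f)
```

The `client-key:` path entry is deliberately not flagged: a path leaks nothing by itself, while `client-key-data` and `token` do. In a repository sweep the scanner would run over every file whose content contains `kind: Config`, and the preview field is what goes into the ticket, never the raw value.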
Cyber Security News
“EtherHiding” abuses Binance's Smart Chain (BSC) contracts to host parts of a malicious code chain, hiding them inside the blockchain.
The Hacker News
Discover how supply chain vulnerabilities can compromise your business.
Bleeping Computer
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks.
Bleeping Computer
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
Security Affairs
Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by […]
Security Affairs
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as […]
SecurityWeek
Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to "make software supply chain secure by default."
CyberSecurity Dive
It's so important to protect the supply chain and ensure the companies you're working with are as committed to that protection as you are.
DarkReading
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
Infosecurity News
Mandiant said this would be the first instance of a software supply chain attack leading to another
Bleeping Computer
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.
The Hacker News
The National Institute of Standards and Technology (NIST) has released updated cybersecurity guidelines for managing supply chain risks.
ZDNet
Experts explain why the supply chain is now a top target for cybercriminals -- and what we should expect to see in 2022.
SecurityWeek
This virtual summit will examine the current state of supply chain attacks, the weakest links along the way, and best practices for managing this massive attack surface.
Latest Hacking News
Days after the horrifying cyberattack, more details about the 3CX incident surface online as Mandiant discloses its investigations. As revealed, the cyber attack on 3CX systems linked back to another supply-chain attack on a separate
SecurityWeek
CrowdStrike warns of a supply chain attack targeting North American and European organizations across multiple sectors with a trojanized Comm100 installer.
The Hacker News
Join industry experts Rhys Arkins and Jeffrey Martin for an exclusive webinar on combating supply chain threats.
DarkReading
Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.
DataBreaches
Sergiu Gatlan reports: Russia says some of its federal agencies’ websites were compromised in a supply chain attack on Tuesday after unknown attackers...
SecurityWeek
Chainguard announces Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain.
The Record
Hackers have been targeting Ukrainian government networks with a new supply chain attack using fake Windows installers.
SecurityWeek
Virtual event explores the critical nature of software and vendor supply chain security issues with a focus on understanding cascading effects.
SecurityWeek
Products from Venafi and Protect AI aim to secure traditional open source software supply chain and the new AI model software supply chain.
Ars Technica
"Most people thought it was way off. And I thought it was way off."
Infosecurity News
Orbit Chain said that the stolen cryptocurrency currently remains unmoved
DataBreaches
Hive ransomware gang has added another healthcare-related victim to its leak site. This time, the victim is Consulate Health Care (CHC), a chain of service...
SecurityWeek
Bessemer Ventures pours $30 million into Legit Security, an early-stage software supply chain security startup.
SecurityWeek
The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week.
Trend Micro
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated development environment (IDE), this proof of concept considers the execution of malicious build scripts by injecting commands that run when the project or build is incorrectly “trusted”.
Infosecurity News
Only half of firms are requesting a software bill of materials
Bleeping Computer
The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people.
CSO
Meta researchers say their Online Operations Kill Chain framework offers a common taxonomy to understand the threat landscape and spot vulnerabilities.
SecurityWeek
Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain.
Infosecurity News
The NCSC guidance has been issued amid a significant increase in supply chain attacks in recent years
SecurityWeek
Canadian supermarket and pharmacy chain Sobeys recovering from a cyberattack, Black Basta ransomware likely to blame.
CSO
SLSA v1.0 has been designed to make the software supply chain security framework more accessible and specific to areas of the software delivery lifecycle.
Bleeping Computer
Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident."
SecurityWeek
A new software supply chain hack combines typosquatting and the impersonation of a known Rust developer to plant malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines.
SecurityWeek
A threat actor has infected hundreds of victims in an ongoing supply chain attack relying on malicious Python packages.
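Both the Rust crate campaign two entries above and the malicious Python packages here rely on victims installing a name that is almost, but not quite, a real one. As an added example (not code from the original page or from either campaign's write-up), the following Python script parses a `requirements.txt` and flags names that are one edit away from, a transposition of, or a `python-`/`py` prefixed variant of a known package. The `POPULAR` list and the sample requirements are constructed; a real deployment would load the top-downloads list from the registry.

```python
import re
from typing import Dict, List, Optional

# Constructed stand-in for a registry's top-downloaded package names.
POPULAR = [
    "requests", "urllib3", "numpy", "pandas", "cryptography",
    "boto3", "pyyaml", "setuptools", "colorama", "python-dateutil",
]

# Requirement lines start with the distribution name; version specifiers,
# extras and markers follow and are ignored here.
REQ_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_transposition(a: str, b: str) -> bool:
    """True when a and b differ only by one pair of swapped adjacent characters."""
    if len(a) != len(b):
        return False
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def classify(name: str, popular: List[str] = POPULAR, max_distance: int = 1) -> Optional[Dict[str, str]]:
    """Return a suspicion record for a likely typosquat, or None for a known/unrelated name."""
    n = normalize(name)
    known = {normalize(p): p for p in popular}
    if n in known:
        return None
    # Prefix/suffix variants of a real name (e.g. python-numpy, numpy3).
    for pre in ("python-", "py-", "py"):
        if n.startswith(pre) and n[len(pre):] in known:
            return {"name": name, "nearest": known[n[len(pre):]], "reason": f"prefix '{pre}' added to real name"}
    for suf in ("-python", "-py", "3"):
        if n.endswith(suf) and n[:-len(suf)] in known:
            return {"name": name, "nearest": known[n[:-len(suf)]], "reason": f"suffix '{suf}' added to real name"}
    # Nearest real name by edit distance; short names are excluded to limit noise.
    target, dist = min(((k, levenshtein(n, k)) for k in known), key=lambda t: t[1])
    if dist <= max_distance and len(target) >= 4:
        return {"name": name, "nearest": known[target], "reason": f"edit distance {dist} from {known[target]}"}
    if is_transposition(n, target):
        return {"name": name, "nearest": known[target], "reason": f"adjacent characters swapped in {known[target]}"}
    return None


def scan_requirements(text: str, popular: List[str] = POPULAR) -> List[Dict[str, str]]:
    """Flag suspicious names in requirements.txt content; comments and -r/-e options are skipped."""
    suspects = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = REQ_NAME_RE.match(line)
        if m:
            hit = classify(m.group(1), popular)
            if hit:
                suspects.append(hit)
    return suspects


# Constructed sample requirements file mixing legitimate and look-alike names.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
reqeusts==2.31.0      # swapped letters
python-numpy          # bogus prefix
urlib3>=1.26          # dropped letter
colourama             # extra letter
cryptography>=41
-r other.txt
"""

if __name__ == "__main__":
    for hit in scan_requirements(SAMPLE_REQUIREMENTS):
        print(hit)
```

Run as a CI gate before `pip install -r`, a non-empty result should fail the build and name the package the author probably meant. Normalizing first matters: `Requests` and `requests` are the same distribution on PyPI, so case and `_`/`-` differences alone are not evidence of squatting.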
The Cyber Express
Infamous Medusa ransomware group has allegedly targeted and breached the data of a Florida, US based national specialty pharmacy chain
SecurityWeek
Google has teamed up with GitHub to improve software supply chain security with tamper-proof builds.
The Hacker News
Cybercrime group FIN7 has diversified its initial access vectors to include software supply chain compromises and the use of stolen credentials.
Infosecurity News
Study highlights threat detection challenge for many organizations
ThreatPost
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.
Cyber Security News
Researchers from Kaspersky Labs uncovered a new wave of 3CX supply chain attacks targeting cryptocurrency companies to implant Gopuram.
Bleeping Computer
The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack.
Security Affairs
Threat actors hacked Russian federal agencies’ websites in a supply chain attack involving the compromise of a stats widget. Some Russian federal agencies’ websites were compromised in a supply chain attack, threat actors compromised the stats widget used to track the number of visitors by several government agencies. Threat actors were able to deface the […]
Bleeping Computer
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload.
The Hacker News
Researchers uncover first-ever open-source software supply chain attacks targeting banks!
CSO
Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024.
SecurityWeek
Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
Bleeping Computer
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack.
The Hacker News
3CX has confirmed that multiple versions of its desktop app for Windows and macOS have been affected by a supply chain attack.
SecurityWeek
Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
CyberNews
How AI and ML models can increase software supply chain risks and lead to cybersecurity incidents
Security Affairs
Sobeys, the second-largest supermarket chain in Canada, was the victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second largest supermarket chain in Canada; the company operates over 1,500 stores across Canada under a variety of banners. It is a wholly-owned subsidiary of Empire Company Limited, a Canadian business conglomerate. During […]
The Hacker News
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
Security Affairs
A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. […]
The Hacker News
Malicious actors are using Binance's Smart Chain (BSC) contracts to host malicious code and serve it on compromised WordPress
Infosecurity News
Checkmarx has identified two distinct open-source software supply chain attacks targeting the financial sector for the first time
DataBreaches
CSO reports: Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024...
SecurityWeek
The U.S. government's CISA, NSA, and ODNI have released the first part of a three-part joint guidance series on securing the software supply chain.
CyberSecurity Dive
Do you know what’s in your code? These 5 considerations should help you drive your security activities and identify weak points in your software supply chain.
The Hacker News
Researchers discover a new software supply chain attack via the Rust crate registry targeting cloud continuous integration (CI) pipelines.
SecurityWeek
Details of eight vulnerabilities in the open source supply chain used to develop AI and ML models have been disclosed in a new report.
SecurityWeek
IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.
The Hacker News
China-backed hackers, Evasive Panda, target Tibetan users in watering hole & supply chain attacks.