The Cyber Express
Cencora Data Breach Far More Widespread than Earlier Thought
The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical
Cyber Security News
Hackers Launch a Chain of Exploits Via Malicious iMessage Attachments
TriangleDB", this malware infection chain consists of a malicious iMessage attachment which launches a chain of exploits on affected devices.
Security Magazine
59% of organizations faced a software supply chain attack
59% of organizations experienced a software supply chain attack, with 54% of these respondents having experienced one in the past year.
SecurityWeek
Software Supply Chain Weakness: Snyk Warns of 'Deliberate Sabotage' of NPM Ecosystem
Software supply chain security fears escalated with the discovery "deliberate sabotage" of code in the open-source npm package manager ecosystem.
DataBreaches
NPM supply-chain attack impacts hundreds of websites and apps
Sergiu Gatlan reports: An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to...
Security Affairs
Hackers stole more than $81M worth of crypto assets from Orbit Chain
Crypto platform Orbit Chain suffered a cyberattack, threat actors have stolen more than $81 million worth of cryptocurrency
CSO
Software supply chain attacks hit three out of five companies in 2021
Survey finds significant jump in software supply chain attacks after Log4j exposed.
Bleeping Computer
GitHub can now alert of supply-chain bugs in new dependencies
GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.
Computerworld
Biometrics are even less accurate than we thought
Biometrics are supposed to be a fundamental pillar of modern authentication. Unfortunately, for a wide range of reasons and in a variety of ways, many biometric implementations are wildly inaccurate.
DataBreaches
Understanding the increase in Supply Chain Security Attacks
The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier’s code. Supply chain attacks...
The Hacker News
The Unknown Risks of The Software Supply Chain: A Deep-Dive
Open Source Boon or Bane? Your Code's Hidden Vulnerabilities Exposed! Traditional SCAs fall short against stealthy supply chain attacks.
Security Affairs
Experts warn of OSS supply chain attacks against the banking sector
Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. […]
The Hacker News
3CX Desktop App Targeted in Supply Chain Cyber Attack, Affecting Millions of Users
Active supply chain attack targets popular voice & video conferencing software 3CX Desktop App, affecting hundreds of well-known brands.
Bleeping Computer
Orbit Chain loses $86 million in the last fintech hack of 2023
Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin.
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
SecurityWeek
'Secrets Sprawl' Haunts Software Supply Chain Security
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of secrets sprawl -- API keys, usernames and passwords, and security certificates -- exposing weaknesses in the software supply chain.
Trend Micro
Probing Weaponized Chat Applications Abused in Supply-Chain Attacks
This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms.
SecurityWeek
Cyber Insights 2024: Supply Chain
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
Bleeping Computer
Cybersecurity firms warn of 3CX desktop app supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
SecurityWeek
Sandwich Chain Subway Investigating Ransomware Group's Claims
The LockBit ransomware group claims to have stolen hundreds of gigabytes of data from US sandwich chain Subway.
CSO
Singing River ransomware attack now thought to have affected over 895,000
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
Security Affairs
Supply chain attack on crypto hw wallet Ledger led to the theft of $600K
A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets.
Security Affairs
NIST published updated guidance for supply chain risks
The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply-chain attacks. The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply chain attacks. NIST has published the “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations” in response to the Executive Order […]
The Hacker News
New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers
Newly discovered supply chain vulnerabilities found in MegaRAC BMC software affect servers from many vendors and could allow remote code execution .
Bleeping Computer
CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
Infosecurity News
Lazarus Group Targets macOS in Supply Chain Assault
ESET explained the impact of the supply chain attack translated to a 16.8% increase in Trojan detections
Bleeping Computer
HashiCorp is the latest victim of Codecov supply-chain attack
Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key.
Infosecurity News
UK NCSC Launches Recommendations on Supply Chain Mapping
The UK National Cybersecurity Centre’s new guidance breaks down the essentials of a good supply chain mapping (SCM) list
Infosecurity News
#ISC2Events: Supply Chain Security is a Multifaceted Challenge
Organizations need to be aware of a range of factors when managing their supply chain risk, says (ISC)2's CISO, Jon France
Ars Technica
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.
When UNC4841 infected gov't and military networks, it was just getting started.
Security Affairs
Exposed Kubernetes secrets can fuel supply chain attacks
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations.
Cyber Security News
EtherHiding: A Novel Technique to Hide Malicious Code Using Binance's Smart Chain
“EtherHiding” which abuses Binance's Smart Chain (BSC) contracts to host parts of a malicious code chain to hide them inside the blockchain.
The Hacker News
Do You Really Trust Your Web Application Supply Chain?
Discover how supply chain vulnerabilities can compromise your business.
Bleeping Computer
NIST updates guidance for defending against supply-chain attacks
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks.
Bleeping Computer
3CX hack caused by trading software supply chain attack
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
Security Affairs
Experts analyzed the evolution of the Emotet supply chain
Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by […]
Security Affairs
3CX voice and video conferencing software victim of a supply chain attack
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as […]
SecurityWeek
Chainguard Bags Massive $50M Series A for Supply Chain Security
Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to "make software supply chain secure by default."
CyberSecurity Dive
Protecting against software supply chain attacks
It's so important to protect the supply chain and ensure the companies you're working with are as committed to that protection as you are.
DarkReading
DBIR: Supply Chain Breaches Up 68% Year Over Year
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
Infosecurity News
North Korean Hacker Suspected in 3CX Software Supply Chain Attack
Mandiant said this would be the first instance of a software supply chain attack leading to another
Bleeping Computer
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
Twilio discloses impact from Codecov supply-chain attack
Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.
The Hacker News
NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks
The National Institute of Standards and Technology (NIST) has released updated cybersecurity guidelines for managing supply chain risks.
ZDNet
Copycat and fad hackers will be the bane of supply chain security in 2022 | ZDNet
Experts explain why the supply chain is now a top target for cybercriminals -- and what we should expect to see in 2022.
SecurityWeek
Virtual Event Today: Supply Chain Security Summit & Expo
This virtual summit will examine the current state of supply chain attacks, the weakest links along the way, and best practices for managing this massive attack surface.
Latest Hacking News
3CX Cyber Attack: It Was The Aftermath Of Another Supply-Chain Attack
Days after the horrifying cyberattack, more details about the 3CX incident surface online as Mandiant discloses its investigations. As revealed, the cyber attack on 3CX systems linked back to another supply-chain attack on a separate
SecurityWeek
Supply Chain Attack Targets Customer Engagement Firm Comm100
CrowdStrike warns of a supply chain attack targeting North American and European organizations across multiple sectors with a trojanized Comm100 installer.
The Hacker News
Webinar: Learn Proactive Supply Chain Threat Hunting Techniques
Join industry experts Rhys Arkins and Jeffrey Martin for an exclusive webinar on combating supply chain threats.
DarkReading
Supply Chain Attack Defense Demands Mature Threat Hunting
Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.
DataBreaches
Russian government sites hacked in supply chain attack
Sergiu Gatlan reports: Russia says some of its federal agencies’ websites were compromised in a supply chain attack on Tuesday after unknown attackers...
SecurityWeek
New 'Wolfi' Linux Distro Focuses on Software Supply Chain Security
Chainguard announces Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain.
The Record
New supply chain attack targeted Ukrainian government networks
Hackers have been targeting Ukrainian government networks with a new supply chain attack using fake Windows installers.
SecurityWeek
Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024
Virtual event explores the critical nature of software and vendor supply chain security issues with a focus on understanding cascading effects.
SecurityWeek
New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security
Products from Venafi and Protect AI aim to secure traditional open source software supply chain and the new AI model software supply chain.
Ars Technica
Warning of AI’s danger, pioneer Geoffrey Hinton quits Google to speak freely
"Most people thought it was way off. And I thought it was way off."
Infosecurity News
Over $80m in Crypto Stolen in Cyber-Attack on Orbit Chain
Orbit Chain said that the stolen cryptocurrency currently remains unmoved
DataBreaches
Consulate Health Care chain hit by Hive
Hive ransomware gang has added another healthcare-related victim to its leak site. This time, the victim is Consulate Health Care (CHC), a chain of service...
SecurityWeek
Legit Security Raises $30M to Tackle Supply Chain Security
Bessemer Ventures pours $30 million into Legit Security, an early-stage software supply chain security startup.
SecurityWeek
Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers
The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week.
Trend Micro
Attacking The Supply Chain: Developer
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.
Infosecurity News
Software Supply Chain Attacks Hit 61% of Firms
Only half of firms are requesting a software bill of materials
Bleeping Computer
Golden Corral restaurant chain data breach impacts 183,000 people
The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people.
CSO
Meta’s new kill chain model tackles online threats
Meta researchers say their Online Operations Kill Chain framework offers a common taxonomy to understand the threat landscape and spot vulnerabilities.
SecurityWeek
Software Supply Chain Security Startup Kusari Raises $8 Million
Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain.
Infosecurity News
UK Government Urges Action to Enhance Supply Chain Security
The NCSC guidance has been issued amid a significant increase in supply chain attacks in recent years
SecurityWeek
Canadian Supermarket Chain Sobeys Hit by Ransomware Attack
Canadian supermarket and pharmacy chain Sobeys recovering from a cyberattack, Black Basta ransomware likely to blame.
CSO
OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks
SLSA v1.0 has been designed to make the software supply chain security framework more accessible and specific to areas of the software delivery lifecycle.
Bleeping Computer
London Drugs pharmacy chain closes stores after cyberattack
Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident."
SecurityWeek
Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines
A new software supply chain hack combines typosquatting and the impersonation of a known Rust developer to plant malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines.
SecurityWeek
Hundreds Infected With 'Wasp' Stealer in Ongoing Supply Chain Attack
A threat actor has infected hundreds of victims in an ongoing supply chain attack relying on malicious Python packages.
The Cyber Express
Medusa Ransomware Allegedly Strikes America’s Fastest-Growing Pharmacy Chain BioMatrix
Infamous Medusa ransomware group has allegedly targeted and breached the data of a Florida, US based national specialty pharmacy chain
SecurityWeek
Google Teams Up With GitHub for Supply Chain Security
Google has teamed up with GitHub to improve software supply chain security with tamper-proof builds.
The Hacker News
FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks
Cybercrime group FIN7 has diversified its initial access vectors to include software supply chain compromises and the use of stolen credentials.
Infosecurity News
Half of Firms Report Supply Chain Ransomware Compromise
Study highlights threat detection challenge for many organizations
ThreatPost
Conti Ransomware Gang Has Full Log4Shell Attack Chain
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.
Cyber Security News
Massive 3CX Supply-Chain Attack Let Hackers Inject Backdoor on Crypto Firms
Researchers from Kaspersky Labs uncovered a new wave of 3CX supply chain attacks targeting cryptocurrency companies to implant Gopuram.
Bleeping Computer
WireX DDoS botnet admin charged for attacking hotel chain
The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack.
Security Affairs
Multiple Russian government websites hacked in a supply chain attack
Threat actors hacked Russian federal agencies’ websites in a supply chain attack involving the compromise of a stats widget. Some Russian federal agencies’ websites were compromised in a supply chain attack, threat actors compromised the stats widget used to track the number of visitors by several government agencies. Threat actors were able to deface the […]
Bleeping Computer
Cryptocurrency companies backdoored in 3CX supply chain attack
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload.
The Hacker News
Banking Sector Targeted in Open-Source Software Supply Chain Attacks
Researchers uncover first-ever open-source software supply chain attacks targeting banks!
CSO
Zero-day, supply-chain attacks drove data breach high for 2023
Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024.
SecurityWeek
Supply Chain Startup Chainguard Scores $61 Million Series B
Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
Bleeping Computer
3CX confirms North Korean hackers behind supply chain attack
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack.
The Hacker News
3CX Supply Chain Attack — Here's What We Know So Far
3CX, has confirmed that multiple versions of its desktop app for Windows and macOS have been affected by a supply chain attack.
SecurityWeek
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack
Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
CyberNews
Software supply chain risks for AI and ML models
How AI and ML models can increase software supply chain risks and lead to cybersecurity incidents
Security Affairs
Canadian supermarket chain giant Sobeys suffered a ransomware attack
Sobeys, the second-largest supermarket chain in Canada, was he victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second largest supermarket chain in Canada, the company operates over 1,500 stores operating across Canada under a variety of banners. It is a wholly-owned subsidiary of Empire Company Limited, a Canadian business conglomerate. During […]
The Hacker News
New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain
New npm attack discovered! Cybersecurity researchers find an ongoing campaign with a unique execution chain.
Security Affairs
Carderbee APT targets Hong Kong orgs via supply chain attacks
A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. […]
The Hacker News
Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign
Malicious actors are using Binance's Smart Chain (BSC) contracts to host malicious code and serve it on compromised WordPress
Infosecurity News
Novel Open Source Supply Chain Attacks Target Banking Sector
Checkmarx has identified two distinct open-source software supply chain attacks targeting the financial sector for the first time
DataBreaches
Zero-day, supply-chain attacks drove data breach high for 2023
CSO reports: Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024...
SecurityWeek
US Gov Issues Guidance for Developers to Secure Software Supply Chain
The U.S. government's CISA, NSA, and ODNI have released the first part of a three-part joint guidance series on securing the software supply chain.
CyberSecurity Dive
Five considerations for securing your software supply chain
Do you know what’s in your code? These 5 considerations should help you drive your security activities and identify weak points in your software supply chain.
CyberSecurity Dive
5 considerations for securing your software supply chain
Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.
The Hacker News
Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines
Researchers discover a new Rust Crate Registry's software supply chain attack targeting cloud continuous integration (CI) pipelines.
SecurityWeek
Eight Vulnerabilities Disclosed in the AI Development Supply Chain
Details of eight vulnerabilities in the open source supply chain used to develop AI and ML models have been disclosed in a new report.
SecurityWeek
IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks
IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.
The Hacker News
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
China-backed hackers, Evasive Panda, target Tibetan users in watering hole & supply chain attacks.
Loading more articles....