#supply-chain-attack

[ follow ]
#cybersecurity

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.

Nearly 400,000 WordPress credentials stolen

A security breach by MUT-1244 has resulted in the theft of over 390,000 WordPress credentials, highlighting the vulnerability of security researchers and pentesters.

What we know about the Hezbollah pagers attack

The explosion of Hezbollah's pagers could indicate a complex supply chain attack, with implications for security and surveillance efforts.

Polyfill Becomes a Supply-Chain Risk to 100,000 Websites - DevOps.com

A Chinese company acquired Polyfill domain & GitHub, leading to malicious code delivery affecting 100k websites.

THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

Turla hackers cleverly exploit rival hacker infrastructure for espionage.
Supply chain attacks continue to threaten software libraries and digital security.

New Revival Hijack technique leaves 22,000 PyPi projects vulnerable to attacks

Revival Hijack poses a serious risk to up to 22,000 PyPI packages, exploiting deleted package names for potential hijacking.

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.

Nearly 400,000 WordPress credentials stolen

A security breach by MUT-1244 has resulted in the theft of over 390,000 WordPress credentials, highlighting the vulnerability of security researchers and pentesters.

What we know about the Hezbollah pagers attack

The explosion of Hezbollah's pagers could indicate a complex supply chain attack, with implications for security and surveillance efforts.

Polyfill Becomes a Supply-Chain Risk to 100,000 Websites - DevOps.com

A Chinese company acquired Polyfill domain & GitHub, leading to malicious code delivery affecting 100k websites.

THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

Turla hackers cleverly exploit rival hacker infrastructure for espionage.
Supply chain attacks continue to threaten software libraries and digital security.

New Revival Hijack technique leaves 22,000 PyPi projects vulnerable to attacks

Revival Hijack poses a serious risk to up to 22,000 PyPI packages, exploiting deleted package names for potential hijacking.
morecybersecurity
#security

Secure Node.js Applications from Supply Chain Attacks

Node.js applications are particularly vulnerable to supply chain attacks; attention to security best practices is essential.

OpenWrt supply chain attack scare prompts urgent upgrades

OpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.

Secure Node.js Applications from Supply Chain Attacks

Node.js applications are particularly vulnerable to supply chain attacks; attention to security best practices is essential.

OpenWrt supply chain attack scare prompts urgent upgrades

OpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.
moresecurity

The detonation of pagers used by Hezbollah shows the depths of supply-chain infiltration

The coordinated attacks in Lebanon indicate a high level of sophistication and planning, likely by a state actor utilizing global supply chains.

GitLab releases security updates to fix 17 vulnerabilities

GitLab's recent security update addresses 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9 posing severe risks.

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.

Mystery criminals backdoor courtroom recording software

Courtroom software backdoor discovered, necessitating re-imaging and credential resets for full mitigation.

Crooks plant backdoor in software used by courtrooms around the world

A software update for JAVS Viewer 8 contained a hidden backdoor, putting over 10,000 courtrooms at risk of unauthorized access by threat actors.

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

XZ Utils is widely used in Unix-based systems like Linux for data compression.
The XZ backdoor allowed remote code execution via SSH login certificates and affected versions 5.6.0 and 5.6.1.
#solarwinds

How SolarWinds Responded to the 2020 SUNBURST Cyberattack

SolarWinds fell victim to a supply chain attack where hackers inserted malware into a software update, potentially compromising customer data.
General Counsel Jason Bliss had to lead the company's response without knowing the full extent of the attack or having the new CEO in place.

Judge mostly tosses SEC claims against SolarWinds security

Judge dismisses SEC lawsuit against SolarWinds post-SUNBURST attack claims; sustains securities fraud allegations for pre-SUNBURST statements about Orion product security.

How SolarWinds Responded to the 2020 SUNBURST Cyberattack

SolarWinds fell victim to a supply chain attack where hackers inserted malware into a software update, potentially compromising customer data.
General Counsel Jason Bliss had to lead the company's response without knowing the full extent of the attack or having the new CEO in place.

Judge mostly tosses SEC claims against SolarWinds security

Judge dismisses SEC lawsuit against SolarWinds post-SUNBURST attack claims; sustains securities fraud allegations for pre-SUNBURST statements about Orion product security.
moresolarwinds

Millions of sites could've been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack - and it was all orchestrated by a single operator

A supply chain attack using multiple CDNs affected countless websites, prompting warnings and actions to mitigate potential risks.
from InfoQ
6 months ago

Over 100K+ Sites Hit by Polyfill.io Supply Chain Attack

Sansec unveiled a supply chain attack affecting Polyfill JS service through multiple CDNs, impacting over 100K sites.
[ Load more ]