supply chain compromise

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat […]

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

Compromised plugins found on WordPress.org

backdoor, Don't miss, Hot stuff, News, plugin, supply chain compromise, Wordfence, WordPress /

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Loading spinner

Compromised plugins found on WordPress.org Read More »

Compromised recording software was served from vendor’s official site, threat researchers say

Don't miss, Hot stuff, Malware, News, Rapid7, supply chain compromise /

Compromised recording software was served from vendor’s official site, threat researchers say 2024-05-23 at 18:01 By Zeljka Zorz Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected

React to this headline:

Loading spinner

Compromised recording software was served from vendor’s official site, threat researchers say Read More »

XZ Utils backdoor: Detection tools, scripts, rules

backdoor, Binarly, Bitdefender, Don't miss, Elastic, GitHub, Hot stuff, Linux, News, open source, supply chain compromise /

XZ Utils backdoor: Detection tools, scripts, rules 2024-04-08 at 16:31 By Zeljka Zorz As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skilled threat

React to this headline:

Loading spinner

XZ Utils backdoor: Detection tools, scripts, rules Read More »

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain

BlueVoyant, data breach, News, report, supply chain, supply chain compromise, survey /

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain 14/12/2023 at 07:02 By Help Net Security The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number

React to this headline:

Loading spinner

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

React to this headline:

Loading spinner

North Korean hackers are targeting software developers and impersonating IT workers Read More »

Attackers hit software firm Retool to get to crypto companies and assets

Cryptocurrency, cybercrime, Don't miss, Hot stuff, MFA, News, Okta, Retool, social engineering, spear-phishing, supply chain compromise /

Attackers hit software firm Retool to get to crypto companies and assets 14/09/2023 at 18:17 By Zeljka Zorz Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to

React to this headline:

Loading spinner

Attackers hit software firm Retool to get to crypto companies and assets Read More »

Exploring the macro shifts in enterprise security

attacks, Cloud, cloud security, cybersecurity, data breach, identity management, News, Ransomware, Scale, supply chain compromise, survey /

Exploring the macro shifts in enterprise security 20/07/2023 at 06:04 By Help Net Security The number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased, according to the 2023 Cybersecurity Perspectives Survey by Scale. Security incident types In fact,

React to this headline:

Loading spinner

Exploring the macro shifts in enterprise security Read More »

Scroll to Top