Security News
Early in April 2022, news broke that various users of Microsoft's GitHub platform had suffered unauthorised access to their private source code. GitHub, if you've never used it, is a cloud-based source code control system, best known for hosting the public repositories of many open source software projects.
Ivanti Wavelink announced the results of a joint survey with VDC Research regarding the state of industrial supply chain operations and the adoption of Industrial Internet of Things solutions. For industrial organizations, IIoT platforms offer significant promise to unlock new business models, deliver improved customer experiences, address the disruptive impact of downtime, and ultimately provide greater operational resilience.
Today we're seeing another massive security challenge ahead for developers, where nothing is easy or automatic: software supply-chain security. Lorenc met Chainguard co-founder Kim Lewandowski at Google, and they have both been approaching the software supply chain security problem through a series of open source projects that they co-created and co-maintain.
In this video for Help Net Security, Donald Fischer, CEO at Tidelift, talks about the state of open-source software supply chain security in 2022. Open source is the modern application development platform and is becoming an indispensable part of the software development process for organizations of all sizes.
New research from the NCC Group illustrates that the number of cyberattacks on software supply chains increased by over half during the period from July to December of 2021. The study, which surveyed 1,400 cybersecurity decision makers, found that 36% said that they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers.
GitHub can now block, and alert you to, pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. "The GitHub Action automates finding and blocking vulnerabilities that are currently only displayed in the rich diff of a pull request," said Courtney Claessens, a Senior Product Manager at GitHub.
The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time," incident response firm Mandiant said in a Monday analysis.
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker to gain persistent access to the central PEAR server," SonarSource vulnerability researcher Thomas Chauchefoin said in a write-up published this week.
A threat actor dubbed "RED-LILI" has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules. "As it seems this time, the attacker has fully-automated the process of NPM account creation and has opened dedicated accounts, one per package, making his new malicious packages batch harder to spot."
These are examples of supply chain compromises that infiltrate a company's software directly, but there is another common attack vector: email. How can you filter it from the herd of legitimate emails entering your systems? Darktrace argues that it is time for a new approach.