Security News
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack. Starting this afternoon, the REvil ransomware gang targeted approximately six large MSPs, with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. Community in tracing and analyzing the malicious drivers bearing the seal of Microsoft.
A BlueVoyant report highlights critical vulnerabilities within the defense supply chain ecosystem. Cybersecurity gaps were identified in the subcontractors' security practices to garner a better understanding of the security posture of less visible members of the complex defense supply chain.
Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution. The vulnerability stems from the manner the store's product listings page parses HTML or embedded media fields, thereby potentially allowing an attacker to inject malicious JavaScript code that could result in arbitrary code execution.
A group of cryptominers was found to have infiltrated the Python Package Index, which is a repository of software code created in the Python programming language. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects.
Attacks against the container infrastructure are continuing to increase in both frequency and sophistication. The attacks are becoming more evasive, while the supply chain is now targeted.
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts", the end-to-end framework aims to secure the software development and deployment pipeline - i.e., the source build publish workflow - and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain.
Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform. SLSA - short for Supply chain Levels for Software Artifacts and pronounced "Salsa" for those inclined to add convenience vowels - aspires to provide security guidance and programmatic assurance to help defend the software build and deployment process.
The U.S. tech giant this week unveiled SLSA, a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensuring the integrity of software artifacts throughout the software supply chain. "The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats. With SLSA, consumers can make informed choices about the security posture of the software they consume."
Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach. CodeCov, a little-known startup considered the vendor of choice for measuring code coverage in the tech industry, has shipped an entirely new Uploader using NodeJS to replace the Bash Uploader dev tool that was compromised in a recent software supply chain attack.