Security News
Attacks against container infrastructure continue to increase in both frequency and sophistication. The attacks are becoming more evasive, and the software supply chain itself is now a target.
As software supply chain attacks emerge as a point of concern in the wake of the SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts", the end-to-end framework aims to secure the software development and deployment pipeline - i.e., the source-build-publish workflow - and mitigate threats that arise from tampering with the source code, the build platform, and the artifact repository at every link in the chain.
Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform. SLSA - short for Supply chain Levels for Software Artifacts and pronounced "Salsa" for those inclined to add convenience vowels - aspires to provide security guidance and programmatic assurance to help defend the software build and deployment process.
The U.S. tech giant this week unveiled SLSA, a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensure the integrity of software artifacts throughout the software supply chain. "The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats. With SLSA, consumers can make informed choices about the security posture of the software they consume."
Following a major software supply chain compromise that exposed data from several large companies, developer tools startup Codecov plans to retire the Bash Uploader tool that was responsible for the breach. Codecov, a little-known startup considered the vendor of choice for measuring code coverage in the tech industry, has shipped an entirely new uploader written in Node.js to replace the Bash Uploader dev tool that was compromised in the recent software supply chain attack.
A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year. "Gelsemium's whole chain might appear simple at first sight, but the exhaustive configurations, implanted at each stage, modify on-the-fly settings for the final payload, making it harder to understand."
Cyborg Security unveiled new capabilities within the HUNTER content platform. These capabilities are designed to defend against rapidly evolving threats, including growing attacks on critical infrastructure and supply chains, while reducing Mean-Time-to-Deployment of threat hunting and detection content.
A monster cyberattack on SITA, a global IT provider for 90 percent of the world's airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history. The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentially been traced back to the Chinese state-sponsored threat actor APT41, and analysts are warning airlines to hunt down any traces of the campaign concealed within their networks.
ESET researchers have linked a stealthy cyberespionage group known as Gelsemium to the NoxPlayer Android emulator supply-chain attack that targeted gamers earlier this year. Two years later, in 2016, new Gelsemium indicators of compromise showed up in a Verint Systems presentation at HITCON. In 2018, VenusTech unveiled malware samples from an unknown APT group linked to Operation TooHash, which ESET later determined were early versions of Gelsemium malware.
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines, as well as build and deployment systems, through a developer's integrated development environment. The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, which could ultimately pave the way for supply chain attacks.