Security News
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. The polyfill.io service is used by hundreds of thousands of sites to allow all visitors to use the same codebase, even if their browsers do not support the same modern features as newer ones.
A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Attackers have backdoored the installer of widely used Justice AV Solutions courtroom video recording software with malware that lets them take over compromised systems. JAVS has since removed the compromised version from its official website, saying that the trojanized software containing a malicious fffmpeg.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
This highlights how digitally connected organizations are dependent on each other, and when one link in the supply chain is broken it can have a cascading effect on others. As soon as an organization's data moves over to a third party, the risks around it increase.
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in...
In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and...
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials, file data, and translate this data across standard industry SBOM formats. The key to strengthening software security and software supply chain risk management is an SBOM, which is a nested, formatted inventory that lists the software's components, including the supply chain relationships of various open-source and commercial components used in building software.
A threat actor quietly spent the last two years integrating themself in the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. The CVE-2024-3094 backdoor found in XZ Utils was implemented to interfere with authentication in SSHD, the OpenSSH server software that handles SSH connections.