Security News
An examination of cybercrime ecosystems reveals it mirrors legitimate financial organization and market systems. "Cybercriminals need to move money and pay employees in their organization just like any other company," said Derek Manky Chief Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs.
Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks.
What is needed are solutions that provide device-level security that addresses all the technical, IP, supply chain and business process challenges manufacturers face without the need for them to become experts in cryptography and complex hardware security technologies themselves, say experts at Sequitur Labs. "IoT device developers need to ensure their products are protected from attacks, safe and secure through the manufacturing process, and able to be managed securely throughout the life of the product," said Philip Attfield, Co-founder and CEO, Sequitur Labs.
In new reporting by Reuters, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems. As reported by BleepingComputer last week, Codecov had suffered a supply-chain attack that went undetected for over 2-months.
Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. The hack occurred four months ago but was only discovered in the wild by a Codecov customer on the morning of April 1, 2021, the company said in a note acknowledging the severity of the breach.
In a new report, X-Force said it recently discovered a series of phishing emails targeting 44 companies across 14 countries, all involved in the coronavirus vaccine cold chain, an aspect of the overall supply chain that ensures the safety of vaccines transported and stored in cold environments. Seen last September, the phishing campaign deploys emails spoofing a business executive from Haier Biomedical, a legitimate member company of the COVID-19 vaccine supply chain and reportedly the world's only complete cold chain provider.
DOWNSTREAM ISSUES. The result is that under-resourced teams need to manage vulnerabilities that may or may not be relevant within hundreds of libraries, possibly within many different apps, and always with the possibility that library updates may cause further downstream issues. "Failure to keep libraries updated over time not only increases risk to an organization but also makes library updates much more difficult and time-consuming when they are finally done. When a library stays dormant in an application for multiple years, any new vulnerability is difficult to fix because so much code has been built over it."
Android smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack. The Trojan, once downloaded and installed on a victim's device via a poisoned software update from the vendor, is capable of opening browser windows, fetching more malicious apps, and sending people text messages to further spread the malware, say researchers and users.
Attackers tried to insert backdoor into PHP source code. The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers.
The growing threat to CI/CD pipelines. By hardening CI/CD pipelines and addressing security early in the development process, developers can deliver software faster and more securely.