Security News

Researcher hacks Microsoft, Apple, more in novel supply chain attack
2021-02-09 18:04

A researcher managed to breach over 35 major companies' internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

NoxPlayer Android Emulator Supply-Chain Attack
2021-02-08 12:34

It seems to be the season of sophisticated supply-chain attacks. ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company's official API and file-hosting servers.

Tidelift steps up efforts to secure the open source supply chain
2021-02-02 11:00

Some of this just comes down to numbers: the more enterprises depend on open source software, the more open source software will show up in audits like these. While Orion isn't open source, it shows how supply chain attacks have become increasingly critical to combat, and reflects what we've known since Heartbleed: as open source becomes a critical part of nearly all software, we need to improve how we secure it.

Cyberspies Delivered Malware to Gamers via Supply Chain Attack
2021-02-02 04:56

Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company. After compromising the update mechanism for NoxPlayer, the threat actor behind the attack pushed a series of tailored malicious updates that resulted in three different malware families being installed on the devices of a handful of selected victims.

Alleged Gaming Software Supply-Chain Attack Installs Spyware
2021-02-01 16:50

Researchers allege that attackers have compromised the update mechanism of NoxPlayer, software that allows gamers to run Android apps on their PCs or Macs. Researchers said that, out of more than 100,000 users in their telemetry who have NoxPlayer installed on their machines, only five received a malicious update, showing the attack is a "highly targeted operation." These victims are based in Taiwan, Hong Kong and Sri Lanka.

Android emulator supply-chain attack targets gamers with malware
2021-02-01 13:04

ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware. NoxPlayer is used by gamers from over 150 countries around the globe according to BigNox but, as ESET found in January 2021, the supply-chain attack was focused on infecting only Asian gamers with at least three different malware strains.

Stord Cloud Supply Chain: End-to-end logistics services integrated through a cloud-based platform
2021-01-29 02:00

Stord introduced the Stord Cloud Supply Chain, offering end-to-end supply chain services spanning its network of over 500 warehouses, 30 fulfillment centers and 20,000 carriers, vertically integrated through a singular pay-as-you-go software platform. Stord has built the supply chain cloud that wraps up all the logistics services and technology tools needed for an end-to-end supply chain in one pre-integrated cloud platform.

Oracle helps orgs increase the efficiency of their global supply chains
2021-01-29 01:30

To help organizations increase the efficiency of their global supply chains, Oracle announced new logistics capabilities within Oracle Fusion Cloud Supply Chain & Manufacturing. The updates to Oracle Transportation Management and Oracle Global Trade Management, a part of Oracle Cloud SCM, help customers reduce costs, make better planning decisions, and improve customer experience.

Russian Hack of US Agencies Exposed Supply Chain Weaknesses
2021-01-25 14:24

In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code into popular software that monitors computer networks of businesses and governments.

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
2021-01-12 18:35

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users connect to, it would allow an attacker that was able to man-in-the-middle the user-to-server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.