Security News

Supply Chain Attack against Courtroom Software
2024-05-30 11:04

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings.

Suspected supply chain attack backdoors courtroom recording software
2024-05-24 20:29

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

JAVS courtroom recording software backdoored in supply chain attack
2024-05-23 21:17

Attackers have backdoored the installer of widely used Justice AV Solutions courtroom video recording software with malware that lets them take over compromised systems. JAVS has since removed the compromised version from its official website, saying that the trojanized software containing a malicious fffmpeg.

It may take decade to shore up software supply chain security, says infosec CEO
2024-05-03 17:30

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Securing your organization’s supply chain: Reducing the risks of third parties
2024-05-02 05:10

This highlights how digitally connected organizations are dependent on each other, and when one link in the supply chain is broken it can have a cascading effect on others. As soon as an organization's data moves over to a third party, the risks around it increase.

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
2024-04-29 10:50

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in...

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques
2024-04-23 11:28

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and...

Protobom: Open-source software supply chain tool
2024-04-19 04:30

Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials, file data, and translate this data across standard industry SBOM formats. The key to strengthening software security and software supply chain risk management is an SBOM, which is a nested, formatted inventory that lists the software's components, including the supply chain relationships of various open-source and commercial components used in building software.

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor
2024-04-08 18:47

A threat actor quietly spent the last two years integrating themself in the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. The CVE-2024-3094 backdoor found in XZ Utils was implemented to interfere with authentication in SSHD, the OpenSSH server software that handles SSH connections.

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
2024-03-25 11:58

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord...