Security News
In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities.
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than...
Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, manage, and securely store their digital assets offline, supporting multiple cryptocurrencies, including Bitcoin and Ethereum. The company offers a library called the "Ledger dApps Connect Kit" that allows web3 apps to connect to Ledger hardware wallets.
"Attacks targeting external vendors and partners are a constant threat," said Joel Molinoff, BlueVoyant's global head of Supply Chain Defense. "Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks. Enterprises recognize the issue but the standard approach to third-party risk management is proving inadequate. Companies now need to focus energies on methods that proactively illuminate and reduce supply chain risk."
Enhancing its predecessor, the SCS 9001 2.0 standard presents a more comprehensive global cybersecurity and supply chain security framework adaptable to various communication networks across industries and sectors. How does the SCS 9001 2.0 standard differ from its predecessor regarding cybersecurity and supply chain security?
The attack started with compromising a media outlet's website to embed malicious scripts into an article, allowing for a 'watering hole' attack. State-backed North Korean hacking operations consistently rely on supply chain attacks and the exploitation of zero-day vulnerabilities as part of their cyber warfare tactics.
Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint...
A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called...
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft Threat Intelligence, activity suspected to be linked with the altered CyberLink installer file surfaced as early as October 20, 2023.
Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks. Attacks on software supply chains increased dramatically in 2023, with an increase of 200% compared to 2022, according to Sonatype's new report.