Security News

Supply chain emerges as major vector in escalating automotive cyberattacks
2023-12-20 05:00

In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities.

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft
2023-12-15 13:01

Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than...

Ledger dApp supply chain attack steals $600K from crypto wallets
2023-12-14 16:22

Ledger is warning users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, manage, and securely store their digital assets offline, supporting multiple cryptocurrencies, including Bitcoin and Ethereum. The company offers a library called the "Ledger dApps Connect Kit" that allows web3 apps to connect to Ledger hardware wallets.

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain
2023-12-14 04:00

"Attacks targeting external vendors and partners are a constant threat," said Joel Molinoff, BlueVoyant's global head of Supply Chain Defense. "Our data suggests that the scope of the problem is increasing, with more enterprise vendors and suppliers falling prey to cyber attacks. Enterprises recognize the issue but the standard approach to third-party risk management is proving inadequate. Companies now need to focus energies on methods that proactively illuminate and reduce supply chain risk."

SCS 9001 2.0 reveals enhanced controls for global supply chains
2023-12-11 05:30

Enhancing its predecessor, the SCS 9001 2.0 standard presents a more comprehensive global cybersecurity and supply chain security framework adaptable to various communication networks across industries and sectors. How does the SCS 9001 2.0 standard differ from its predecessor regarding cybersecurity and supply chain security?

UK and South Korea: Hackers use zero-day in supply-chain attack
2023-11-24 17:28

The attack started with compromising a media outlet's website to embed malicious scripts into an article, allowing for a 'watering hole' attack. State-backed North Korean hacking operations consistently rely on supply chain attacks and the exploitation of zero-day vulnerabilities as part of their cyber warfare tactics.

Industry piles in on North Korea for sustained rampage on software supply chains
2023-11-23 13:38

Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs

The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint...

N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
2023-11-23 05:46

A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called...

Microsoft: Lazarus hackers breach CyberLink in supply chain attack
2023-11-22 18:06

Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft Threat Intelligence, activity suspected to be linked with the altered CyberLink installer file surfaced as early as October 20, 2023.

Software Supply Chain Security Attacks Up 200%: New Sonatype Research
2023-10-17 15:29

Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks. Attacks on software supply chains increased dramatically in 2023, with an increase of 200% compared to 2022, according to Sonatype's new report.