Displaying items by tag: Supply chain attack

The software supply chain starts with the developer, and with developer accounts being prized targets for account takeover, GitHub will require all users who contribute code to enable one or more forms of 2FA before the end of 2023.

Published in Open Source

2021 began with the SolarWinds supply chain attack and ended with the Log4j vulnerabilities, with vastly increased levels of ransomware in between. Cybercriminals are on the rise and 2022 shows no sign of abating. SonicWall’s comprehensive 66-page report brings you research, trends, and insights that make it a must-read for all CISOs, CTOs, and CIOs.

Published in Security
Wednesday, 08 September 2021 10:55

Website of REvil ransomware gang back on the dark web

The website of the prolific ransomware group REvil has come back online about two months after it disappeared following an attack on a number of managed service providers.

Published in Security

The executive order on cyber security issued by the US on Thursday will be judged by whether it can stop the next attack similar to the Colonial Pipeline attack or the SolarWinds supply chain fiasco, the head of a security firm says.

Published in Security

The Australian company behind a password manager that was subjected to a supply chain attack is blaming customers who post its advisories about the attack on social media, claiming this may lead to related attacks.

Published in Security

Australian company Click Studios has warned users of its enterprise password manager Passwordstate that a supply chain attack may have led to their customers' password records being harvested.

Published in Security

Software auditing tool maker Codecov has had its systems breached and the attackers are now reportedly using its bash uploader script to gain access to hundreds of its customers' networks.

Published in Security

Microsoft has admitted that the malicious attackers involved in a supply chain attack gained access to some part of the source code for its Azure, Exchange and Intune products.

Published in Security

Email security firm Mimecast has admitted that the compromise of a certificate it had issued for some Microsoft services is connected to the SolarWinds supply chain incident.

Published in Security

Russian security firm Kaspersky says it has found some similarities in the methods used by the SUNBURST malware, that was used in a supply chain attack on a number of US firms disclosed in December, and long-time attacker, the Turla Group.

Published in Security

Neither American cyber security firm FireEye nor software giant Microsoft, the two companies which carried out an investigation into supply chain attacks on many companies through software made by SolarWinds, have attributed the attacks to any country, least of all Russia, in their reports.

Published in Open Sauce

Ten months ago, the American news agency Bloomberg published a sensational story claiming that Chinese spies had corrupted the tech supply chain and installed small chips on motherboards which were supplied to the American company Supermicro Computer. Despite being met by a storm of denial, the likes of which is rarely seen, Bloomberg has neither retracted nor corrected the yarn till today.

Published in Open Sauce

Six additional companies, apart from Taiwan-based PC maker ASUS, were targeted by the ShadowHammer supply chain attack which was reported last month by the security firm Kaspersky Lab.

Published in Security

Russian security firm Kaspersky Lab claims to have uncovered a sophisticated supply chain attack which used the live update utility that comes on hardware made by ASUS, the fifth largest PC supplier which is based in Taiwan, with the attack having taken place between June and November 2018.

Published in Security

Global research conducted by security software vendor CrowdStrike reveals many companies lack visibility and awareness to combat supply chain attacks despite the majority having experienced breaches.

Published in Security

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments