supply chain attack – Computer Security Articles

Credit to Author: Alanna Titterington| Date: Fri, 05 Jul 2024 06:21:41 +0000

The JavaScript CDN service Polyfill.io is being used for spreading malicious code redirecting users to third-party websites.

Kaspersky Security

April 15, 2024 admin

CVE-2024-3094: malicious code in Linux distributions | Kaspersky official blog

Credit to Author: Editorial Team| Date: Sun, 31 Mar 2024 19:40:31 +0000

Vulnerability CVE-2024-3094. The attackers implanted a backdoor into the compression utilities set XZ Utils versions 5.6.0 and 5.6.1.

Kaspersky Security

May 11, 2023 admin

Review and analysis of fake Trezor cryptowallet | Kaspersky official blog

Credit to Author: Stanislav Golovanov| Date: Wed, 10 May 2023 13:49:09 +0000

Fake hardware cryptowallet, and how bitcoins were stolen from it.

MalwareBytes Security

August 3, 2022 admin

NetStandard attack should make Managed Service Providers sit up and take notice

Credit to Author: Pieter Arntz| Date: Wed, 03 Aug 2022 16:48:37 +0000

The attack on MSP NetStandard reminds us once again that MSPs are a very attractive target for cybercriminals

The post NetStandard attack should make Managed Service Providers sit up and take notice appeared first on Malwarebytes Labs.

MalwareBytes Security

July 6, 2022 admin

IconBurst software supply chain attack offers malicious versions of NPM packages

Credit to Author: Pieter Arntz| Date: Wed, 06 Jul 2022 14:11:31 +0000

Researchers have uncovered a supply chain attack that tricked app and website developers into using copies of popular npm packages that contained malicious code to steal form data.

The post IconBurst software supply chain attack offers malicious versions of NPM packages appeared first on Malwarebytes Labs.

Independent Krebs

October 21, 2019 admin

Avast, NordVPN Breaches Tied to Phantom User Accounts

Credit to Author: BrianKrebs| Date: Tue, 22 Oct 2019 00:32:57 +0000

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

Microsoft Security

July 26, 2018 admin

Attack inception: Compromised supply chain within a supply chain poses new risks

Credit to Author: Windows Defender ATP| Date: Thu, 26 Jul 2018 13:00:13 +0000

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a

Kaspersky Security

March 26, 2018 admin

Do not become a link in a supply chain attack

Credit to Author: Nikolay Pankov| Date: Mon, 26 Mar 2018 15:54:34 +0000

Even if you are really not an interesting target for an APT actor, you can still be used in a malware delivery chain