supply chain compromise
Adversaries exploit supply chains, double down on COVID-19 and ransomware
Supply chain attacks, ransomware, data extortion and nation-state threats prove to be more prolific than ever, a CrowdStrike report suggests. eCrime attacks made up 79% of all …
SolarWinds hack investigation reveals new Sunspot malware
Crowdstrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company’s Orion software. …
2021 key risk areas beyond the pandemic
Healix International has identified six key areas of risk – besides the continued impact of COVID-19 – for global organizations in 2021. Natural disasters The increasing …
Microsoft was also a victim of the SolarWinds supply chain hack
Microsoft has confirmed that it, too, is among the companies who have downloaded the compromised SolarWinds Orion updates, but that they have isolated and removed them. …
SolarWinds hackers’ capabilities include bypassing MFA
As the list of known organizations compromised by way of the SolarWinds supply chain attack is slowly growing – according to Reuters, the attackers also breached U.S. …
Hackers breached U.S. government agencies via compromised SolarWinds Orion software
A “highly sophisticated” hacking group has breached the U.S. Treasury Department, the U.S. Department of Commerce’s National Telecommunications and …
Operator‑billed 5G connections revenue to reach $357 billion by 2025
Operator‑billed revenue from 5G connections will reach $357 billion by 2025, rising from $5 billion in 2020, its first full year of commercial service, according to Juniper …
The biggest cyber threats organizations deal with today
Microsoft has released a new report outlining enterprise cyberattack trends in the past year (July 2019 – June 2020) and offering advice on how organizations can protect …
Surge in cyber attacks targeting open source software projects
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen …
760+ malicious packages found typosquatting on RubyGems
Researchers have discovered over 760 malicious Ruby packages (aka “gems”) typosquatting on RubyGems, the Ruby community’s gem repository / hosting service. The …
Third-party risk is broken, businesses unprepared for supply chain disruptions
Many companies are not dedicating proper resources to assess third-party risks, and those that are still lack confidence in their programs, according to Prevalent. Supply …
Kwampirs threat actor continues to breach transnational healthcare orgs
The Kwampirs (aka Orangeworm) attack group continues to target global healthcare entities in this time of crisis, the FBI has warned. “Targeted entities range from major …