supply chain compromise
A massive increase in eCrime behavior can easily disrupt business operations
During 2019, financially motivated cybercrime activity occurred on a nearly continuous basis, according to a CrowdStrike report. There was an increase in incidents of …
Tiny cryptographic ID chip can help combat hardware counterfeiting
To combat supply chain counterfeiting, which can cost companies billions of dollars annually, MIT researchers have invented a cryptographic ID tag that’s small enough to …
Free trojanized WordPress themes lead to widespread compromise of web servers
Over 20,000 web servers (and who knows how many websites) have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion …
Is the enterprise on the brink of a global web supply chain attack?
Ever since the Web development ecosystem evolved to the current paradigm of code reuse, companies have placed themselves too close to the abyss. Web supply chain attacks are a …
Avast breached by hackers who wanted to compromise CCleaner again
Czech security software maker Avast has suffered another malicious intrusion into their networks, but the attackers didn’t accomplish what they apparently wanted: …
Backdoored Ruby gems stole credentials, injected cryptomining code
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject …
Malicious Python packages found on PyPI
Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …
Multi-stage attack techniques are making network defense difficult
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology, …
How much risk small businesses really pose to supply chain cybersecurity?
50% of large enterprises view third-party partners of any size as a cybersecurity risk, but only 14% have experienced a breach as the result of a small business partner, while …
WordPress updates are digitally signed at last!
WordPress 5.2 is out and brings a number of functional improvements, but the great news for those who are worried about the security of their installation is the …
ASUS confirms server compromise, releases fixed Live Update tool
ASUS has finally confirmed that its servers were compromised and that its ASUS Live Update tool has been tampered with, as revealed on Monday. “ASUS has also implemented …
Attackers compromised ASUS to deliver backdoored software updates
Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of …