The attackers behind the REvil ransomware family have also threatened to release personal data on Madonna and other celebrities to the highest bidders. The attackers who leaked sensitive information on Lady Gaga last week after breaking into systems belonging to a law firm with a long list of celebrity clients, are now threatening to do
Complex supply chains have complex security requirements, but secure them you must. Here’s where to start. It seems impossible to overstate the importance of the supply chain, especially in times like these. Millions of consumers, too, learned distressing lessons when stories of crops rotting in fields and images of empty grocery shelves
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries. Developers that make a simple typing mistake could find their systems compromised by malware in the latest attack on the software supply chain, say researchers at ReversingLabs, a software analysis platform provider. The
Attackers compromised Volusion’s Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites. Magecart attackers have infiltrated cloud-based e-commerce provider Volusion to successfully infect at least 6,500 customer websites with malicious code designed to lift payment card information. To do this, they had to first break into Volusion’s Google Cloud environment.
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations. Supply chain attacks are becoming an increasingly popular strategy for threat actors. According to Symantec, supply chain attacks rose by 78% in 2018, and a similar report by Carbon Black estimates that half of cyberattacks now target supply chains.
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk. A recently announced pair of vulnerabilities in the firmware for baseboard management controllers (BMCs) used by at least eight different manufacturers’ servers is the latest incident to show a supply chain vulnerability that can have an impact on enterprise computing.
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories. The pace of modern software development requires code reuse, and effective code reuse requires code repositories. These collections of code fragments, functions, libraries, and modules allow developers to write applications without having to
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations. Attackers today are getting increasingly creative with how they target organizations, often utilizing the supply chain as a point of ingress — exactly the kind of thing that keeps security pros up at night.
Open source components help developers innovate faster, but they sometimes come at a high price. Developers in enterprise environments — and at commercial software companies, for that matter — have learned that to deliver features swiftly, it’s much more expedient not to reinvent the wheel with certain chunks of code.
Breaches caused by external vendors and service providers have become a major and escalating problem for organizations. Breaches resulting from third-party security lapses are on the rise. Last year, 61% of surveyed US organizations said they had experienced a breach caused by one of their vendors or another third party. Some