chain attack – Page 6 – Experimental News Clipping Site

Schneier on Security: Delivering Malware Through Abandoned Amazon S3 Buckets

Feb 12, 2025

—

by

Source URL: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html Source: Schneier on Security Title: Delivering Malware Through Abandoned Amazon S3 Buckets Feedly Summary: Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize…

Anchore: DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries

Feb 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/dora-overview/ Source: Anchore Title: DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries Feedly Summary: At Anchore, we frequently discuss the steady drum beat of regulatory bodies mandating SBOMs (Software Bills of Materials) as the central element of modern software supply chain security. The Digital Operational Resilience Act (DORA) is…

Hacker News: Fake VS Code Extension on NPM Spreads Multi-Stage Malware

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.mend.io/blog/fake-vs-code-extension-on-npm-spreads-multi-stage-malware/ Source: Hacker News Title: Fake VS Code Extension on NPM Spreads Multi-Stage Malware Feedly Summary: Comments AI Summary and Description: Yes Summary: The text reports on a recent discovery of a malicious VS-code extension that employs typosquatting tactics to deliver multi-stage malware to unsuspecting developers. The incident highlights critical security vulnerabilities in…

Hacker News: iPhone apps found on App Store with malware that reads your screenshots for data

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://9to5mac.com/2025/02/05/iphone-apps-on-app-store-malware-reads-screenshots/ Source: Hacker News Title: iPhone apps found on App Store with malware that reads your screenshots for data Feedly Summary: Comments AI Summary and Description: Yes Summary: Researchers at Kaspersky have discovered a novel malware, termed ‘SparkCat’, embedded in iOS and Android apps, utilizing screenshot-reading OCR technology to search for sensitive recovery…

Cisco Talos Blog: Google Cloud Platform Data Destruction via Cloud Build

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/gcp-data-destruction-via-cloud-build/ Source: Cisco Talos Blog Title: Google Cloud Platform Data Destruction via Cloud Build Feedly Summary: A technical overview of Cisco Talos’ investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. AI Summary and Description: Yes **Summary:** The text discusses security vulnerabilities associated with Google…

Slashdot: iOS App Store Apps With Screenshot-Reading Malware Found For the First Time

Feb 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/02/05/2010251/ios-app-store-apps-with-screenshot-reading-malware-found-for-the-first-time?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: iOS App Store Apps With Screenshot-Reading Malware Found For the First Time Feedly Summary: AI Summary and Description: Yes Summary: The discovery of “SparkCat” malware infiltrating iOS and Android apps marks a significant breach of security, being the first to implement malicious screenshot-reading capabilities in Apple’s App Store. This…

Cloud Blog: Empowering federal agencies with a more secure and efficient developer experience

Feb 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/public-sector/empowering-federal-agencies-with-a-more-secure-and-efficient-developer-experience/ Source: Cloud Blog Title: Empowering federal agencies with a more secure and efficient developer experience Feedly Summary: In the federal government, organizations face unique challenges in meeting strict security and compliance requirements. FedRAMP, IL4, and IL5 standards set forth rigorous guidelines to ensure the protection of sensitive data and systems. Google Cloud…

The Register: Poisoned Go programming language package lay undetected for 3 years

Feb 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/04/golang_supply_chain_attack/ Source: The Register Title: Poisoned Go programming language package lay undetected for 3 years Feedly Summary: Researcher says ecosystem’s auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.……

The Register: Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look ‘insignificant’

Feb 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/04/abandoned_aws_s3/ Source: The Register Title: Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look ‘insignificant’ Feedly Summary: When cloud customers don’t clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make…

The Register: Lazarus Group cloned open source projects to plant backdoors, steal credentials

Jan 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/ Source: The Register Title: Lazarus Group cloned open source projects to plant backdoors, steal credentials Feedly Summary: Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing…

Tag: chain attack