Experimental News Clipping Site

Tag: software supply chain

  • Slashdot: Yearlong Supply-Chain Attack Targeting Security Pros Steals 390,000 Credentials

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/12/13/2220211/yearlong-supply-chain-attack-targeting-security-pros-steals-390000-credentials?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Yearlong Supply-Chain Attack Targeting Security Pros Steals 390,000 Credentials Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a sophisticated supply-chain attack targeting security personnel through Trojanized open-source software, revealing significant vulnerabilities in software distribution methods. This ongoing campaign is notable for its multi-faceted approach, including the…

  • Schneier on Security: Ultralytics Supply-Chain Attack

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/12/ultralytics-supply-chain-attack.html Source: Schneier on Security Title: Ultralytics Supply-Chain Attack Feedly Summary: Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­—which has almost 60 million downloads—was published to the Python Package Index…

  • Anchore: Understanding SBOMs: An Introduction to Modern Development

    by

    system automation
    in

    Source URL: https://anchore.com/webinars/understanding-sboms-an-introduction/ Source: Anchore Title: Understanding SBOMs: An Introduction to Modern Development Feedly Summary: The post Understanding SBOMs: An Introduction to Modern Development appeared first on Anchore. AI Summary and Description: Yes Summary: This text outlines a live webinar focused on Software Bills of Materials (SBOMs) in the context of software supply chain security,…

  • Google Online Security Blog: Google Cloud expands vulnerability detection for Artifact Registry using OSV

    by

    system automation
    in

    Source URL: https://security.googleblog.com/2024/12/google-cloud-expands-vulnerability.html Source: Google Online Security Blog Title: Google Cloud expands vulnerability detection for Artifact Registry using OSV Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the advancements in Google’s Artifact Analysis tool designed to enhance image and container security by integrating expanded open-source vulnerability scanning capabilities. This service, part of…

  • Anchore: Survey Data Shows 200% Increase in Software Supply Chain Focus

    by

    system automation
    in

    Source URL: https://anchore.com/blog/survey-data-shows-200-increase-in-software-supply-chain-focus/ Source: Anchore Title: Survey Data Shows 200% Increase in Software Supply Chain Focus Feedly Summary: Data found in the recent Anchore 2024 Software Supply Chain Security Report shows that there has been a 200% increase in the priority of software supply chain security. As attacks continue to increase, organizations are doubling their…

  • Hacker News: Ultralytics AI model hijacked to infect thousands with cryptominer

    by

    system automation
    in

    Source URL: https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ Source: Hacker News Title: Ultralytics AI model hijacked to infect thousands with cryptominer Feedly Summary: Comments AI Summary and Description: Yes Summary: The Ultralytics YOLO11 AI model was compromised due to a supply chain attack that led to the deployment of cryptominers when users installed certain versions from PyPI. This incident highlights…

  • Hacker News: I algorithmically donated $5000 to Open Source

    by

    system automation
    in

    Source URL: https://kvinogradov.com/algo-sponsors/ Source: Hacker News Title: I algorithmically donated $5000 to Open Source Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the importance of funding open source software (OSS) maintainers to mitigate risks associated with the software supply chain. It highlights the disparities in funding distribution, the importance of lesser-known…

  • The Register: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/05/solana_javascript_sdk_compromised/ Source: The Register Title: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds Feedly Summary: Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project…

  • Slashdot: Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets

    by

    system automation
    in

    Source URL: https://news.slashdot.org/story/24/12/05/1848223/backdoor-in-compromised-solana-code-library-drains-184000-from-digital-wallets?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets Feedly Summary: AI Summary and Description: Yes Summary: The Solana JavaScript SDK experienced a supply chain attack where malicious code was injected to steal cryptocurrency private keys. This incident highlights the vulnerabilities associated with software supply chains in…

  • Anchore: The Evolution of SBOMs in the DevSecOps Lifecycle: Part 2

    by

    system automation
    in

    Source URL: https://anchore.com/blog/the-evolution-of-sboms-in-the-devsecops-lifecycle-part-2/ Source: Anchore Title: The Evolution of SBOMs in the DevSecOps Lifecycle: Part 2 Feedly Summary: Welcome back to the second installment of our two-part series on “The Evolution of SBOMs in the DevSecOps Lifecycle”. In our first post, we explored how Software Bills of Materials (SBOMs) evolve over the first 4 stages…