supply chain attack – Page 6 – Experimental News Clipping Site

Anchore: DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries

Feb 11, 2025

—

by

Source URL: https://anchore.com/blog/dora-overview/ Source: Anchore Title: DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries Feedly Summary: At Anchore, we frequently discuss the steady drum beat of regulatory bodies mandating SBOMs (Software Bills of Materials) as the central element of modern software supply chain security. The Digital Operational Resilience Act (DORA) is…

Hacker News: Fake VS Code Extension on NPM Spreads Multi-Stage Malware

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.mend.io/blog/fake-vs-code-extension-on-npm-spreads-multi-stage-malware/ Source: Hacker News Title: Fake VS Code Extension on NPM Spreads Multi-Stage Malware Feedly Summary: Comments AI Summary and Description: Yes Summary: The text reports on a recent discovery of a malicious VS-code extension that employs typosquatting tactics to deliver multi-stage malware to unsuspecting developers. The incident highlights critical security vulnerabilities in…

Hacker News: iPhone apps found on App Store with malware that reads your screenshots for data

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://9to5mac.com/2025/02/05/iphone-apps-on-app-store-malware-reads-screenshots/ Source: Hacker News Title: iPhone apps found on App Store with malware that reads your screenshots for data Feedly Summary: Comments AI Summary and Description: Yes Summary: Researchers at Kaspersky have discovered a novel malware, termed ‘SparkCat’, embedded in iOS and Android apps, utilizing screenshot-reading OCR technology to search for sensitive recovery…

Cisco Talos Blog: Google Cloud Platform Data Destruction via Cloud Build

Feb 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/gcp-data-destruction-via-cloud-build/ Source: Cisco Talos Blog Title: Google Cloud Platform Data Destruction via Cloud Build Feedly Summary: A technical overview of Cisco Talos’ investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family. AI Summary and Description: Yes **Summary:** The text discusses security vulnerabilities associated with Google…

Slashdot: iOS App Store Apps With Screenshot-Reading Malware Found For the First Time

Feb 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/02/05/2010251/ios-app-store-apps-with-screenshot-reading-malware-found-for-the-first-time?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: iOS App Store Apps With Screenshot-Reading Malware Found For the First Time Feedly Summary: AI Summary and Description: Yes Summary: The discovery of “SparkCat” malware infiltrating iOS and Android apps marks a significant breach of security, being the first to implement malicious screenshot-reading capabilities in Apple’s App Store. This…

Cloud Blog: Empowering federal agencies with a more secure and efficient developer experience

Feb 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/public-sector/empowering-federal-agencies-with-a-more-secure-and-efficient-developer-experience/ Source: Cloud Blog Title: Empowering federal agencies with a more secure and efficient developer experience Feedly Summary: In the federal government, organizations face unique challenges in meeting strict security and compliance requirements. FedRAMP, IL4, and IL5 standards set forth rigorous guidelines to ensure the protection of sensitive data and systems. Google Cloud…

The Register: Poisoned Go programming language package lay undetected for 3 years

Feb 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/04/golang_supply_chain_attack/ Source: The Register Title: Poisoned Go programming language package lay undetected for 3 years Feedly Summary: Researcher says ecosystem’s auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.……

The Register: Lazarus Group cloned open source projects to plant backdoors, steal credentials

Jan 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/ Source: The Register Title: Lazarus Group cloned open source projects to plant backdoors, steal credentials Feedly Summary: Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing…

Anchore: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security

Jan 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/2025-cybersecurity-executive-order/ Source: Anchore Title: 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Security Feedly Summary: A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from…

The Register: Supply chain attack hits Chrome extensions, could expose millions

Jan 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/22/supply_chain_attack_chrome_extension/ Source: The Register Title: Supply chain attack hits Chrome extensions, could expose millions Feedly Summary: Threat actor exploited phishing and OAuth abuse to inject malicious code Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already.……

Tag: supply chain attack