12 matches found
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to...
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...
New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by pixels on an LCD screen. "Malware in the air-gap and audio-gap computers generates crafted pixe...
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the...
North Korean Actors Behind Active Exploitation of TeamCity Vulnerability
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The North Korean threat actors Lazarus and its subgroup Andariel are actively exploiting the CVE-2023-42793 vulnerability, which is an authentication bypass vulnerability, after successful exploitation, ...
QSC 2022: That’s a Wrap!
Over the years, the threat landscape has exploded, and bad actors have become increasingly sophisticated, making the demand for cloud security platforms - that save security teams time and increase efficiency - a must-have for every cyber arsenal. This was underscored last week at QSC 2022 Las...
Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place wh...
2021 in Review, Part 4: 5 Cybersecurity Topics to Watch in 2022
One of the core principles of cybersecurity is not letting things “slip through the cracks”. An effective security posture depends on visibility. The more visibility you have into the environments where your data is, the more successful you will be in applying your organization’s security protoco...
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last...
A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP product...
Google Releases New Framework to Prevent Software Supply Chain Attacks
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" SLSA, and...
CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks
A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further...