Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso,...
Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps
As software supply chains become longer and more interconnected, enterprises have become well aware of the need to…...
EUVD-2024-0257
Malicious code in bioql PyPI...
Breach Highlights AI and API Vulnerabilities in Software Supply Chains
CVE-2024-23332
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...
CVE-2024-23332
CVE-2024-23332 affects the Notary Project: client configurations using permissive trust policies can enable rollback attacks if a compromised registry serves outdated artifacts. The connected sources describe that artifact publishers can set signature expiry and revoke certificates to keep artifa...
CVE-2024-23332 Client configured with permissive trust policies susceptible to rollback attack in Notary Project
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server “Perforce Server”, a source code management platform largely used in the videogame industry and by multiple...
MAL-2023-1550 Malicious code in btc-api-node (npm)
Source: checkmarx f59f6e40fe31bd4d5d4aa5da8bc0d032e2bbff9166104dc707c2987f953a5d93 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-314 Malicious code in eth-api-node (npm)
Source: checkmarx ae0229b0b9b6f52ad99cbadf592c4cd4a35c6b90764717a8d37ce843df055398 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in kucoin-prices (npm)
Source: checkmarx d89308a1cad90c22ac679c64ba69b184cebb0082f7d26962c26916f94b14fe1a Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-973 Malicious code in xml-fast-decoder (npm)
Source: checkmarx 3f72595dbe55afb8789d70686d9dfc77d102733a2090e76b1063b8a75dedd697 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-209 Malicious code in couchcache-audit (npm)
Source: checkmarx 8f29bc9b9299e2320b971e1a84be244017e82f839d86bacd6894182b8699c411 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-107 Malicious code in assets-graph (npm)
Source: checkmarx e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-826 Malicious code in sync-https-api (npm)
Source: checkmarx 216dcfab006171670a40ded9fe39fcad616a3998fd0c9544be5281a40e766a60 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in sync-http-api (npm)
Source: checkmarx 666c54b1098d52ea02eebf562d8cf02c1a736ee608eb15029543afd5181e4094 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-108 Malicious code in assets-table (npm)
Source: checkmarx 0980e797c7e6db1bd06873799b54350dd781176d8a2e104a7301a51053e3991b Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in other-web3 (npm)
Source: checkmarx 5fd32cf3ace29e6d712dc9711ce1fc6ce3af43ba9439e86b8f4d37756a79af7f Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-153 Malicious code in cache-react (npm)
Source: checkmarx 967892bb014a13ae52c15c89a3f5ebbdc8e841bf2fd8dbe6502400f91357503d Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-947 Malicious code in vue-audit (npm)
Source: checkmarx d83b4e200320d89600b71bfb94b2106e5e01fe0c319873c9dac9b0d9661447da Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...