Tag Archives: supply chain attack

Backdoor slipped into popular code library, drains ~$155k from digital wallets

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana. The supply-chain attack targeted solana-web3.js, a collection of JavaScript code used by developers of decentralized apps for interacting with the Solana blockchain. These “dapps” allow people… Read More »

Backdoor found in widely used Linux utility breaks encrypted SSH connections

Enlarge / Internet Backdoor in a string of binary code in a shape of an eye. Getty Images reader comments 93 Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as xz Utils, introduced… Read More »

GitHub besieged by millions of malicious repositories in ongoing attack

Getty Images reader comments 36 GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said. The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An… Read More »

Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack

Getty Images reader comments 11 with Share this story Hackers working on behalf of the North Korean government have pulled off a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, researchers from multiple security firms said. The attack compromised the software build system… Read More »

10 malicious Python packages exposed in latest repository attack

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They’re becoming increasingly common. (credit: Getty Images) Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar… Read More »

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Getty Images reader comments 10 with 10 posters participating Share this story Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system. The backdoor gave the attackers… Read More »

Cryptocurrency launchpad hit by $3 million supply chain attack

reader comments 37 with 25 posters participating, including story author Share this story SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year,… Read More »

Software downloaded 30,000 times from PyPI ransacked developers’ machines

reader comments 85 with 63 posters participating, including story author Share this story Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. In a post, researchers Andrey… Read More »

Hacker lexicon: What is a supply chain attack?

reader comments 12 with 12 posters participating Share this story Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: what if the legitimate… Read More »

Backdoored developer tool that stole credentials escaped notice for 3 months

Getty Images reader comments 43 with 28 posters participating Share this story A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It’s the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations. The Codecov… Read More »