SecurityAffairs: Malicious packages in the NPM designed for highly-targeted attacks https://securityaffairs.com/149165/hacking/npm-highly-targeted-attacks.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #supplychainattack #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Cybercrime #Hacking #Malware #malware #npm
SecurityAffairs: Experts warn of OSS supply chain attacks against the banking sector https://securityaffairs.com/148757/cyber-crime/supply-chain-attack-banking-sector.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #supplychainattack #SecurityAffairs #Bankingsector #BreakingNews #SecurityNews #hackingnews #CyberCrime #Cybercrime #Hacking #Malware #malware
Cyber security report: Rising threat level in healthcare | Security https://www.heise.de/news/ENISA-Bericht-zu-Cyber-Sicherheit-Bedrohungslage-im-Gesundheitswesen-steigt-9217465.html #DigitalHealth #Digitalisierung #digitalization #DDoS #Hacking #Ransomware #SupplyChainAttack #SupplyChain #Malware #SocialEngineering
#SupplyChainAttack: Abandoned #S3 Buckets Used for Malicious Payloads
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more. https://www.hackread.com/supply-chain-attack-abandoned-s3-buckets/
Snack giant Mondelez is warning past and present employees that their personal information may now be in the hands of hackers following a data #breach at a third-party firm 🤖👩💻 #supplychainattack
#VoIP provider #3CX: The double supply chain attack | Security https://www.heise.de/news/VoIP-Anbieter-3CX-Die-doppelte-Supply-Chain-Attacke-8974948.html #SupplyChainAttack
This Week in Security: Cookie Monster, CyberGhost, NEXX, and Dead Angles https://hackaday.com/2023/04/07/this-week-in-security-cookie-monster-cyberghost-nexx-and-dead-angles/ #ThisWeekinSecurity #supplychainattack #HackadayColumns #SecurityHacks #News #NEXX #vpn
This Week in Security: Cookie Monster, CyberGhost, NEXX, and Dead Angles - “Operation Cookie Monster” ranks as one of the best code names in recent memory. A... - https://hackaday.com/2023/04/07/this-week-in-security-cookie-monster-cyberghost-nexx-and-dead-angles/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #news #nexx #vpn
RT @fr0gger_
🔍If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow!💥I'll update as soon as the analysis progresses. Stay tuned for the MacOS edition! #cybersecurity #infosec #supplychainattack #3CXpocalypse
This Week in Security: Macstealer, 3CX Carnage, and Github’s Lost Key https://hackaday.com/2023/03/31/this-week-in-security-macstealer-3cx-carnage-and-githubs-lost-key/ #ThisWeekinSecurity #supplychainattack #HackadayColumns #SecurityHacks #MacStealer #News
This Week in Security: Macstealer, 3CX Carnage, and Github’s Lost Key - There’s a naming overload here, as two bits of security news this week are using t... - https://hackaday.com/2023/03/31/this-week-in-security-macstealer-3cx-carnage-and-githubs-lost-key/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #macstealer #news
Ars Technica: Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack https://arstechnica.com/?p=1927920 #Tech #arstechnica #IT #Technology #supplychainattack #Biz&IT #3cx
Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack - Hackers working on behalf of th... - https://arstechnica.com/?p=1927920 #supplychainattack #biz #3cx
Been spending some time with #guix, trying to package some #golang programs.
First off: Guix is amazing. The ideas, the features, the parens. Much love since I first saw @civodul talk at #fosdem some time in the past decade.
Second: packaging is absurd, holy hell! Started out trying to make a Guix package definition for Apache #solr (jumping into the deep end straight away), and left that alone after the Java project demanded that #perl and #python be installed (alright, not too bad), and continued to pull down #gradle and #nodejs, along with #npm packages. So many entry points for #supplychainattack!
The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?.… 👩💻🤖 #supplychainattack
98% of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years☝️🛡️ #supplychainattack #breach
Packages containing #Malware have once again been discovered in an #OpenSource code repository; this time #PyPI was affected, the Python Package Index, the official #Software #Repository for the programming language #Python.
The packages colorslib, httpslib, and libhttps each contained identical setup files that download additional malicious code. They were all uploaded by one user.
#RubyGems, PyPI, #NPM... Caution is probably called for
#supplychainattack
https://arstechnica.com/information-technology/2023/01/more-malicious-packages-posted-to-online-repository-this-time-its-pypi/
「 The author also positions each package as legitimate and clean by including a convincing project description. However, these packages download and run a malicious binary executable.
Python end users should always perform due diligence before downloading and running any packages, especially from new authors. And as can be seen, publishing more than one package in a short time period is no indication that an author is reliable 」
#pypi #python #zerodays #cybersecurity #supplychainattack
「The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI packages (Python Package Index) called ‘colorslib’, ‘httpslib’, and “libhttps”. They were found on January 10, 2023, by monitoring an open-source ecosystem. The Python packages “colorslib” and “httpslib” were published on January 7, 2023, and “libhttps” was published on January 12, 2023. All three were published by the same author」
#python #zerodays #cybersecurity #supplychainattack #pypi