Backdoored Ruby gems stole credentials, injected cryptomining code
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject …
supply chain compromise
Malicious Python packages found on PyPI
Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …
Multi-stage attack techniques are making network defense difficult
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology, …
How much risk small businesses really pose to supply chain cybersecurity?
50% of large enterprises view third-party partners of any size as a cybersecurity risk, but only 14% have experienced a breach as the result of a small business partner, while …
WordPress updates are digitally signed at last!
WordPress 5.2 is out and brings a number of functional improvements, but the great news for those who are worried about the security of their installation is the …
ASUS confirms server compromise, releases fixed Live Update tool
ASUS has finally confirmed that its servers were compromised and that its ASUS Live Update tool has been tampered with, as revealed on Monday. “ASUS has also implemented …
Attackers compromised ASUS to deliver backdoored software updates
Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of …
Researchers expose massive mobile adware and data stealing campaigns with 250 million downloads
Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had over 250 million downloads combined globally. Both target …
Phishing, software supply chain attacks greatest threats for businesses
Attackers continue to use phishing as a preferred attack method, but have been forced to adapt their approach as anti-phishing tools and techniques are becoming more …
PHP PEAR supply chain attack: Backdoor added to installer
Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. …
