supply chain compromise
PHP PEAR supply chain attack: Backdoor added to installer
Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. …
Compromised ad company serves Magecart skimming code to hundreds of websites
Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to …
Supply chain compromise: Adding undetectable hardware Trojans to integrated circuits
Is it possible for attackers to equip integrated circuits with hardware Trojans that will not change the area or power consumption of the IC, making them thus indiscernible …
Attackers breached Statcounter to steal cryptocurrency from gate.io users
Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io …
VestaCP users warned about possible server compromise
Unknown attackers have compromised the official distribution of the VestaCP hosting control panel solution to harvest server IPs and admin credentials. That information was …
Knowing how to define, screen and monitor your third parties is essential to minimizing risk
A new NAVEX Global survey found that more than a third of organizations still use paper-based records or disparate office productivity software to administer their third-party …
Securing the supply chain: Organizations need best practices in proactive security
CrowdStrike announced the results of its global supply chain survey, Securing the Supply Chain, produced by research firm Vanson Bourne. The study surveyed 1,300 senior IT …
Orangeworm hackers target healthcare corporations
A hacking group dubbed Orangeworm has been targeting, either directly or indirectly, international corporations operating within the healthcare sector, Symantec researchers …
MacOS Proton backdoor delivered via Trojanized media player app
A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have …
Hackers behind CCleaner compromise were after Intel, Microsoft, Cisco
There is a new twist in the CCleaner hack saga: the attackers apparently didn’t set out to compromise as many machines as possible, but were after some very specific …
Hackers backdoored CCleaner, likely affecting millions of users
Legitimately signed but backdoored versions of the popular CCleaner utility were available for download from the developer’s Web site and servers for nearly a month, …
Android devices delivered to employees with pre-installed malware
A test of Android devices used in two unnamed companies revealed that 38 of them were infected with malware before being delivered to the employees. These were smartphones by …
Featured news
Sponsored
Don't miss
- EU adopts Cyber Resilience Act to secure connected products
- DORA regulation’s nuts and bolts
- Unlocking the power of cryptographic agility in a quantum world
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
- Internet Archive data breach, defacement, and DDoS: Users’ data compromised