supply chain Archives - IT LinesIT Lines

GitHub blighted by “researcher” who created thousands of malicious projects

04 Aug, 2022 github, Law & order, Malware, Security News, supply chain 0 Comments 0

If you spew projects laced with hidden malware into an open source repository, don’t waste your time telling us “no harm done” afterwards.

Poisoned Python and PHP packages purloin passwords for AWS access

25 May, 2022 exfiltration, Malware, PHP, Python, secops, Security News, supply chain, Vulnerability, XDR 0 Comments 0

More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself.

GitHub issues final report on supply-chain source code intrusions

29 Apr, 2022 Data loss, github, Microsoft, oauth, Security News, supply chain, Zero Trust 0 Comments 0

Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

13 Jan, 2022 Honda, Naked Security Podcast, npm, podcast, Security News, supply chain, Vulnerability 0 Comments 0

Latest episode -listen to it or read it now!

JavaScript developer destroys own projects in supply chain “lesson”

11 Jan, 2022 colors.js, faker.js, Javascript, npm, Security News, supply chain 0 Comments 0

Two popular open source JavaScript packages recently got “hacked” in a smbolic gesture by the original project creator.

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

25 Oct, 2021 #BeCyberSmart, #Cybermonth, Chester Wisniewki, Cybermonth 2021, Malware, podcast, Ransomware, Security leadership, Security News, sos-2021, supply chain 0 Comments 0

Everyone remembers this year’s big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

06 May, 2021 Android, Apple, botnet, Flubot, iOS, Malware, Naked Security Podcast, Phishing, PHP, podcast, Privacy, Security News, supply chain, Vulnerability, zero day 0 Comments 0

by Paul Ducklin We look into Apple’s recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous “Flubot” home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Doug Aamoth and Paul Ducklin. Intro . . . Read more

PHP community sidesteps its third supply chain attack in three years

30 Apr, 2021 Composer, Packagist, PHP, Security News, supply chain, Vulnerability 0 Comments 0

by Paul Ducklin Swiss cybersecurity researchers recently found security holes in Composer, the software tool that programming teams use to access Packagist, the PHP ecosystems’s major online repository of PHP software modules. These bugs could have allowed cybercriminals to poison the Packagist system itself, thus tainting the very watering hole . . . Read more

Linux team in public bust-up over fake “patches” to introduce bugs

22 Apr, 2021 Hacking, Linux, Security News, supply chain, University of Minnesota, Vulnerability 0 Comments 0

by Paul Ducklin One of the hot new jargon terms in cybersecurity is supply chain attack. The phrase itself isn’t new, of course, because the idea of attacking someone indirectly by attacking someone they get their supplies from, or by attacking one of their supplier’s suppliers, and so on, is . . . Read more

PHP web language narrowly avoids dangerous supply chain attack

30 Mar, 2021 Backdoor, PHP, Security News, supply chain, Vulnerability, webshell 0 Comments 0

by Paul Ducklin Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. Technically, in fact, you could say that the “attack” was successful, given that imposters were apparently able to make to make the same source code change on two separate occasions: . . . Read more

What's Your IT Question?

All posts in supply chain