
All posts in supply chain

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

by Paul Ducklin We look into Apple’s recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous “Flubot” home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Doug Aamoth and Paul Ducklin. Intro . . .

PHP community sidesteps its third supply chain attack in three years

by Paul Ducklin Swiss cybersecurity researchers recently found security holes in Composer, the software tool that programming teams use to access Packagist, the PHP ecosystem’s major online repository of PHP software modules. These bugs could have allowed cybercriminals to poison the Packagist system itself, thus tainting the very watering hole . . .

Naked Security Live – “XcodeSpy” takes aim at Mac and iOS developers

by Paul Ducklin Just one tiny line of script in your Xcode project – and you’ve been pwned! Learn all about it, and what you can do to avoid supply chain problems if you’re a coder yourself: Watch directly on YouTube if the video won’t play here. Click the on-screen Settings . . .

S3 Ep23: Hafnium happenings, I see you, and Pythonic poison [Podcast]

by Paul Ducklin Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it’s important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you’re a programmer. With Kimberly Truong and Paul Ducklin. Intro and outro music by . . .

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules

by Paul Ducklin If you’ve ever used the Python programming language, or installed software written in Python, you’ve probably used PyPI, even if you didn’t realise it at the time. PyPI is short for the Python Package Index, and it currently contains just under 300,000 open source add-on modules (290,614 . . .