Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself.
Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.
Latest episode – listen to it or read it now!
Two popular open source JavaScript packages recently got “hacked” in a symbolic gesture by the original project creator.
Everyone remembers this year’s big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
by Paul Ducklin We look into Apple’s recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous “Flubot” home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. With Doug Aamoth and Paul Ducklin. Intro . . . Read more
by Paul Ducklin Swiss cybersecurity researchers recently found security holes in Composer, the software tool that programming teams use to access Packagist, the PHP ecosystem’s major online repository of PHP software modules. These bugs could have allowed cybercriminals to poison the Packagist system itself, thus tainting the very watering hole . . . Read more
by Paul Ducklin One of the hot new jargon terms in cybersecurity is supply chain attack. The phrase itself isn’t new, of course, because the idea of attacking someone indirectly by attacking someone they get their supplies from, or by attacking one of their supplier’s suppliers, and so on, is . . . Read more
by Paul Ducklin Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. Technically, in fact, you could say that the “attack” was successful, given that imposters were apparently able to make the same source code change on two separate occasions: . . . Read more
by Paul Ducklin Just one tiny line of script in your Xcode project – and you’ve been pwned! Learn all about it, and what you can do to avoid supply chain problems if you’re a coder yourself: . . . Read more