Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
10 résultats taggé supplychain  ✕
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/
24/01/2023 23:27:48
QRCode
archive.org
thumbnail

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

unit42 EN 2023 CVE-2021-35394 IoT devices supplychain attacks Realtek
Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
02/11/2022 21:03:04
QRCode
archive.org
thumbnail

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

Phylum EN 2022 supplychain PyPI W4SP Stealer Attack
Software Delivery Shield protects the software supply chain https://cloud.google.com/blog/products/devops-sre/introducing-software-delivery-shield-from-google-cloud
14/10/2022 13:43:39
QRCode
archive.org
thumbnail

Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.

google EN blog cloud supplychain supply-chain solution dev shield announcement
Threat Alert: Private npm Packages Disclosed via Timing Attacks https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
14/10/2022 09:42:51
QRCode
archive.org
thumbnail

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

aquasec EN 2022 npm supplychain supply-chain attack timing-attack
PHP Supply Chain Attack on Composer https://blog.sonarsource.com/php-supply-chain-attack-on-composer/
05/10/2022 22:32:46
QRCode
archive.org
thumbnail

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

sonarsource EN 2022 php supplychain supply-chain packagist.org
Python packages upload your AWS keys, env vars, secrets to the web https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
27/06/2022 09:21:55
QRCode
archive.org
thumbnail

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

sonatype EN 20022 supplychain Python stealer AWS keys packages loglib-modules pyg-modules pygrata pygrata-utils hkg-sol-utils
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk
25/05/2022 06:59:04
QRCode
archive.org
thumbnail

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

PyPI ctx PHP supplychain attack sonatype EN 2022 exfiltration steal Supply-chain-security
Malicious PyPI package opens backdoors on Windows, Linux, and Macs https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
21/05/2022 22:21:57
QRCode
archive.org
thumbnail

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

Backdoor Cobalt-Strike Cobalt-Strike-Beacon Linux macOS PyPI Python Windows supplychain
npm Supply Chain Attack Targeting Germany-Based Companies https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
11/05/2022 11:32:33
QRCode
archive.org
thumbnail

The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations

jfrog 2022 EN Supply Chain supplychain industrial npm attack research
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion https://thehackernews.com/2022/03/popular-npm-package-updated-to-wipe.html
19/03/2022 23:54:09
QRCode
archive.org

In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.

thehackernews EN 2022 node-ipc developer cyberwar NPM supplychain sabotage CVE-2022-23812
1033 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio