Tech

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used […]

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi’s newest offering, Minimal Initial SushiSwap Offering (MISO), is […]

Software downloaded 30,000 times from PyPI ransacked developers’ machines

Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of security firm JFrog said they […]

Hacker lexicon: What is a supply chain attack?

Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources, and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: What if the legitimate hardware and software […]

Backdoored developer tool that stole credentials escaped notice for 3 months

A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources, in the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations. The Codecov Bash Uploader contained the backdoor from late January […]

Mimecast says SolarWinds hackers breached its network and spied on customers

Email-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack. The hackers, who US intelligence agencies have said likely have Russian origins, used a backdoored update for […]

Microsoft says SolarWinds hackers stole source code for 3 products

The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used […]

New supply chain attack uses poisoned updates to infect gamers’ computers

Researchers have uncovered a software supply-chain attack that is being used to install surveillance malware on the computers of online gamers. The unknown attackers are targeting select users of NoxPlayer, a software package that emulates the Android operating system on PCs and Macs. […]

Bucking Trump, NSA and FBI say Russia was “likely” behind SolarWinds hack

Hackers working for the Russian government were “likely” behind the software supply chain attack that planted a backdoor in the networks of 180,000 private companies and governmental bodies, officials from the US […]