Enlarge (credit: Getty Images) Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system. The backdoor gave the particular attackers full administrative control of websites that used […]
Enlarge (credit: Austin Distel) SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi’s newest offering, Minimal Initial SushiSwap Offering (MISO), is […]
Enlarge Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of security firm JFrog said they […]
Enlarge (credit: Frank Lindecke / Flickr) Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources, and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: What if the legitimate hardware and software […]
Enlarge (credit: Getty Images) A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources, in the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations. The Codecov Bash Uploader contained the backdoor from late January […]
Enlarge / Breaking in the computer. (credit: Getty Images) Email-management provider Mimecast has confirmed that a network intrusion used to spy on its customers was conducted by the same advanced hackers responsible for the SolarWinds supply chain attack. The hackers, which US intelligence agencies have said likely have Russian origins, used a backdoored update for […]
Enlarge (credit: Drew Angerer | Getty Images) The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used […]
Enlarge / Circuit board with speed motion and light. (credit: Getty Images) Researchers have uncovered a software supply-chain attack that is being used to install surveillance malware on the computers of online gamers. The unknown attackers are targeting select users of NoxPlayer, a software package that emulates the Android operating system on PCs and Macs. […]
Enlarge / Side view of colorful St. Basil’s Cathedral in Moscow on Red Square in front of the Kremlin, Russia. (credit: Getty Images) Hackers working for the Russian government were “likely” behind the software supply chain attack that planted a backdoor in the networks of 180,000 private companies and governmental bodies, officials from the US […]