Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

August 1, 2024 at 10:06AM Threat actors abused the Stack Exchange Q&A platform to target cryptocurrency users, promoting malware-laden Python packages. The malicious packages stole sensitive data, captured screenshots, and provided remote access to victims’ machines. These attacks demonstrate the exploitation of community-driven platforms to conduct large-scale supply chain attacks, urging individuals and organizations to …

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

July 27, 2024 at 02:00AM Cybersecurity researchers found a malicious package “lr-utils-lib” on the Python Package Index, targeting specific Apple macOS systems to steal Google Cloud credentials. It checks for macOS, compares UUID against hardcoded hashes, and harvests Google Cloud data. The captured info is sent to a remote server. Social engineering tactics suggest a …

SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software

July 19, 2024 at 04:33AM SolarWinds has addressed critical security flaws in its Access Rights Manager (ARM) software, including 11 vulnerabilities and their severity ratings. These flaws could allow attackers to access sensitive information and execute code with elevated privileges. The vulnerabilities have been fixed in version 2024.3 after responsible disclosure by the Trend Micro …

Judge mostly drags SEC’s lawsuit against SolarWinds into the recycling bin

July 18, 2024 at 05:17PM A judge has mostly dismissed a lawsuit by America’s financial watchdog against SolarWinds and its CISO for misleading investors about computer security practices and the backdooring of its Orion product after the SUNBURST attack. The judge ruled in favor of SolarWinds on post-SUNBURST claims but sustained the SEC’s securities fraud …

SolarWinds fixes 8 critical bugs in access rights audit software

July 18, 2024 at 11:57AM SolarWinds addressed critical vulnerabilities in its Access Rights Manager software, including RCE and directory traversal flaws. These flaws could allow unprivileged attackers to execute code, delete files, and obtain sensitive information. The company released version 2024.3 with security fixes. SolarWinds has yet to confirm if exploits for the flaws are …

GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks

July 15, 2024 at 01:06PM Cybersecurity researchers found a leaked GitHub token that could have enabled elevated access to Python repositories. JFrog discovered the token in a public Docker container and immediately revoked it after disclosure. Checkmarx also uncovered malicious packages on PyPI designed to extract sensitive information to a Telegram bot. No evidence shows …

Trojanized JQuery Packages Spread via ‘Complex’ Supply Chain Attack

July 9, 2024 at 12:13PM Cyberattackers are targeting JavaScript developers with a supply chain attack distributing Trojanized jQuery packages across GitHub, npm, and jsDelivr repositories. The attackers exhibit an unusual lack of nomenclature and attribution, with a manual assembly and publication of each package. The attack, requiring specific user actions to trigger, emphasizes the need …

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

July 9, 2024 at 01:07AM Unknown threat actors have propagated trojanized versions of jQuery on npm, GitHub, and jsDelivr in a “complex and persistent” supply chain attack. Approximately 68 packages were linked to the campaign, exhibiting high variability and clever hiding techniques. The attacker introduced malicious changes in the “end” function, enabling the exfiltration of …

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

July 5, 2024 at 01:06AM A supply chain attack on the widely-used Polyfill[.]io JavaScript library has affected over 380,000 hosts, including prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson. The attack involved code modifications redirecting users to adult and gambling websites. The incident led to domain suspensions, content delivery network actions, and warnings of broader …

Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks 

July 2, 2024 at 09:22AM Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in …