Tag: supply
62 articles

Trojanized Go module: Stunning Risky Credential Stealer
A trojanized Go module posing as an SSH testing tool was found quietly exfiltrating successful login IPs, usernames and passwords to a hard‑coded Telegram bot—proof that convenience in open‑source can hide dangerous supply‑chain risks. Audit and pin dependencies, verify modules, and monitor outbound traffic to stop silent credential leaks before they become breaches.

customer data likely stolen: Must-Have Critical Alert
Colt warns customer data was likely stolen in a recent cyberattack and is offering a filename list to help clients check exposure. If you rely on its network services, now’s the time for targeted searches, credential rotation, and coordinated incident response.

Amazon Q Developer Must-Have Fix for Risky RCE
Amazon quietly patched serious flaws in its Q Developer VS Code extension that could let attackers inject prompts to steal local secrets like API keys or even run remote code. It’s a wake-up call to treat AI-powered IDE tools as high‑risk and lock down privileges.

MOVEit Transfer Stunning $8.5M Risky Settlement
Nuance agreed to pay $8.5 million to settle a class-action tied to the massive MOVEit supply‑chain breach — even while not admitting fault — a stark reminder that one vendor’s vulnerability can saddle many downstream companies with legal and financial fallout. Think of it as a wake-up call: tighten third‑party security, patch fast, and treat vendor risk as a boardroom priority before a breach becomes someone else’s bill.

NFC fraud: Must-Have Defenses Against Costly Attacks
Security rarely breaks in a single blast — it seeps away. This week’s roundup shows how NFC fraud, N‑able exploits, and malicious Docker images quietly erode trust and widen blast radii when small oversights go unpatched.

Taiwanese web hosting Exclusive: Critical Espionage Risk
Imagine an invisible enemy living inside the servers that power your websites and email — Cisco Talos found a Chinese‑linked APT using a Taiwanese web host to intercept traffic, harvest credentials and stage persistent espionage. This supply‑chain breach is a wake‑up call: treat hosts as critical infrastructure and demand stronger controls, logging and incident guarantees now.

Workday CRM breach: Stunning Critical Risk Revealed
Workday says attackers accessed vendor-run CRM tools that support its customers, potentially exposing contact and support data — a stark reminder that even trusted platforms can be vulnerable through third-party integrations. If you use Workday, assume elevated risk, tighten vendor controls, and watch for suspicious communications while the investigation continues.

FortiSIEM vulnerability: Critical, Risky Exploit Emerges
A critical FortiSIEM flaw with exploit code now circulating turns your SIEM into a prime target. Patch, tighten access, and hunt for signs of compromise immediately to protect visibility and contain risk.

Kaseya ransomware: Stunning Risky State-Linked Claims
Was the July 2021 Kaseya REvil attack just criminal profit-seeking or something far more dangerous—potentially state-enabled? New evidence presented at DEF CON 33 suggests probable Russian government involvement, a claim that would radically change how governments, businesses, and MSPs respond to future supply-chain cyberattacks.

Amazon-like online marketplace: Must-Have Game-Changer
Imagine soldiers ordering vetted drones as easily as parents buy toys—scrolling specs, reading reviews, and getting gear to the unit in days instead of months. The Army’s new Amazon-like UAS marketplace aims to speed fielding and widen vendor access, while tackling the security, sustainment, and oversight challenges that come with buying fast.

npm package malware: Must-Have Best Defenses
Think a routine dependency update is harmless? The recent npm malware attack—where phishers stole maintainer tokens to publish malicious versions of five popular packages—proves supply-chain trust can be shattered and why maintainers, consumers, and registries must act now to enforce 2FA, rotate tokens, and verify publish provenance.

Malware-as-a-Service: Exclusive Risky Threat Alert
Malware-as-a-Service is now using GitHub to quietly deliver Amadey payloads, turning trusted code into attack paths—now’s the time for teams to harden supply-chain checks, vet dependencies, and lock down CI/CD pipelines.

Critical infrastructure security: Must-Have Best Defenses
Hacktivists and sophisticated attackers are increasingly targeting the systems that keep our cities running. Learn the must-have, layered defenses governments and operators need to protect lives, services, and supply chains.

ZuRu Critical Threat: Exclusive Must-Have Defense
A new ZuRu malware strain is quietly targeting macOS developer machines and toolchains, putting builds, secrets, and the entire software supply chain at risk. Harden workstations, isolate builds, and secure credentials now to prevent a single compromised device from triggering a widespread breach.