A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain attack. The incident highlights the snowball effect that even one malicious packag...
When a supply chain attack is targeting your customers’ financial and personal information, it is predominantly JavaScript being compromised. To combat it, your fraud and security teams need control over the behavior of any third-party JavaScript code embedded in your web applications. With continuou...
2.2 Software Supply Chain Attacks

Software supply chain attacks are an emerging threat class. Instead of directly attacking victim systems, they first penetrate the upstream software supply chains to indirectly attack victim systems. There are three common attack techniques [19]:
• Hijacking Updates...
Now that we understand some different ways a supply chain attack can take place, let's look at how we can harden our supply chain and protect ourselves against attacks. The difficulty with these types of attacks is that while you can do things to secure yourself, a lot of the time you ...
Propagation: An attack could spread laterally through interconnected elements in a supply chain, providing further infiltration and control by attackers.
Execution: Attackers then carry out their primary objective — whether data theft, system disruption, or some other malicious purpose ...
Software supply chain security involves safeguarding software components, activities and practices during creation and deployment, including third-party code and interfaces. Explore how organizations can ensure supply chain security and provide proof to
Unfortunately, in this case, Darktrace was not configured in Autonomous Response mode at the time of the attack, meaning actions had to be manually applied by the customer’s security team. Had it been fully enabled, it would have held the emails, preventing them from reaching the ...
Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It’s essential to ensure the software ecosystem is secure, focusing on protecting .NET developers who design, build, and ma...
Whether SolarWinds in 2019 or the Kaseya and Log4j attacks of 2021, all demonstrate the reach of such attacks and the damage they can inflict. According to SolarWinds, up to 18,000 customers may have downloaded the malware. The Kaseya ransomware attack impacted 1,500 companies and involved a $50 milli...
Like other hacking incidents, a well-executed software supply chain attack can spread rapidly. The following examples weaponized automatic software updates to infect computers in large and small companies in countries all over the world and highlight how they have evolved over t...