Showing only posts tagged supply chain attack. Show all posts.

Backdoor slipped into popular code library, drains ~$155k from digital wallets

Source

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana. The supply-chain attack targeted solana-web3.js, a collection of JavaScript code used by developers of decentralized apps for interacting …

Backdoor found in widely used Linux utility breaks encrypted SSH connections

Source

Enlarge / Internet Backdoor in a string of binary code in a shape of an eye. (credit: Getty Images) Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as …

Backdoor found in widely used Linux utility targets encrypted SSH connections

Source

Enlarge / Internet Backdoor in a string of binary code in a shape of an eye. (credit: Getty Images) Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as …

GitHub besieged by millions of malicious repositories in ongoing attack

Source

Enlarge (credit: Getty Images) GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said. The malicious repositories are clones of legitimate ones, making them hard to …

10 malicious Python packages exposed in latest repository attack

Source

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images) Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries …

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Source

Enlarge (credit: Getty Images) Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system. The backdoor gave the attackers full administrative …

New supply chain attack uses poisoned updates to infect gamers’ computers

Source

Enlarge / Circuit board with speed motion and light. (credit: Getty Images ) Researchers have uncovered a software supply chain attack that is being used to install surveillance malware on the computers of online gamers. The unknown attackers are targeting select users of NoxPlayer, a software package that emulates the Android …