Showing only posts tagged supply chain attacks. Show all posts.

Yearlong supply-chain attack targeting security pros steals 390K credentials

Source

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said. The campaign, first reported three weeks ago by security …

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

Source

Enlarge (credit: Getty Images ) WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning …

Crooks plant backdoor in software used by courtrooms around the world

Source

Enlarge (credit: JAVS) A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer …

What we know about the xz Utils backdoor that almost infected the world

Source

Enlarge (credit: Getty Images) On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this …

Hackers backdoor PHP source code after breaching internal git server

Source

Enlarge (credit: BeeBright / Getty Images / iStockphoto ) A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said. Two updates pushed to the PHP Git server …