supply chain attack
Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning
A backdoor found in millions of Chinese-made RFID cards that are used by hotels and other businesses around the world can let bad actors instantly clone the cards to gain unauthorized access ...
Security Boulevard
The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks
Tom Eston | | anti-virus, antivirus, backdoor, ban, Banned, Biden, Biden administration, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Episodes, Information Security, Infosec, kaspersky, Kaspersky Antivirus, Malware, Podcast, Podcasts, Privacy, Russia, security, supply chain, supply chain attack, technology, US, Weekly Edition, wordpress, WordPress Plugins
In episode 336 of the Shared Security Podcast, we discuss the Biden administration’s recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We ...
Python Developers Targeted Via Fake Crytic-Compilers Package
Wajahat Raja | | Crytic-compilers, Cyber Attack Prevention, Cyber Threats, Cybersecurity, Cybersecurity News, Data theft prevention, Dependency Management, Developer vigilance, information stealer, Lumma malware, malware-as-a-service, Package authenticity, PyPI security, Python developers, Python package security, Python security best practices, secure coding practices, Software Development, supply chain attack, Threat Intelligence, Typosquatting
As per recent reports, cybersecurity experts uncovered a troubling development on the Python Package Index (PyPI) – a platform used widely by developers to find and distribute Python packages. A malicious package ...
CERT-UA Reports SickSync Campaign: Data Theft Crucial Alert
Wajahat Raja | | CERT-UA, cyber attack response, Cyber Espionage, cyber threat actors, cybersecurity awareness, Cybersecurity News, cybersecurity threats, data exfiltration, data theft, information stealer, Luhansk People's Republic, Malware Detection, SickSync campaign, spear-phishing, SPECTR malware, state-sponsored-hacking, supply chain attack, SyncThing, UAC-0020, Ukraine cybersecurity, Vermin
Recently, the Computer Emergency Response Team of Ukraine (CERT-UA) issued a warning regarding a targeted cyber espionage campaign named SickSync, orchestrated by a group identified as UAC-0020 or Vermin. The CERT-UA ...
Courtroom Recording Software Compromised in Supply Chain Attack
Threat actors compromised a popular audio-visual software package used in courtrooms, prisons, government, and lecture rooms around the world by injecting a loader malware that gives the hackers remote access to infected ...
Ledger Supply Chain Breach: $600,000 Theft Unveiled
Wajahat Raja | | countermeasures, crypto drainer malware, cryptocurrency theft, cybercrime, Cybersecurity News, hardware wallet, ledger, Ledger Connect Kit, Legal Action, NPM account, phishing attack, Proactive Cybersecurity, rogue project, safeguarding cryptocurrency assets, security measures, software wallet, supply chain attack, supply chain breach, technical details, threat actors, unauthorized transactions, virtual assets, WalletConnect
Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets. For those who don’t know, Ledger is a ...
Navigating Open-Source Supply Chain Threats: Protecting Your Software Ecosystem
Artem Karasev | | Malware & Exploits, Open Source Threats, supply chain attack, Supply Chain Cybersecurity Attacks, Supply Chain threats
In today’s business world, companies are determined to create software faster than ever before. Developers are under immense pressure to deliver products to customers quickly. To accelerate this process, developers often rely ...
GitHub Repositories Victimized Amid Supply Chain Attack
Wajahat Raja | | Cyber Threats, Cybersecurity, Cybersecurity News, Dependabot, GitHub, GitHub repositories, Malware, supply chain attack
In a digital landscape rife with vulnerabilities, a recent and disconcerting phenomenon has come to light. GitHub repositories, the foundation of numerous software projects, have been victimized by a devious supply chain ...
MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches
Tom Eston | | Brushing, china, Complex Passwords, Cyber Security, cyberattack, Cybersecurity, Data breach, Data Privacy, Digital Privacy, Episodes, Information Security, Infosec, military, MOVEit, Password, Password Rotations, passwords, Podcast, Podcasts, Privacy, security, Security Awareness, smartwatch, Smartwatches, supply chain, supply chain attack, technology, US Army, vulnerability, Weekly Edition
Several major organizations, including British Airways and the BBC, fell victim to the recent MOVEit cyberattack. We discuss the alarming trend of hackers targeting trusted suppliers to gain access to customer data, ...
Lazarus Assault Via 3CX Exposes Need to Rethink Security
When North Korean threat actors the Lazarus Group exploited a legitimate update to the 3CXDesktopApp—a softphone application from 3CX—security professionals didn’t initially pick up on the import of the activity and tactics ...