Software Supply Chain Security - Security Boulevard

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

Richi Jennings — Fri, 29 Mar 2024 17:19:26 +0000

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup.

The post PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found appeared first on Security Boulevard.

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data

Richi Jennings — Wed, 27 Mar 2024 17:14:37 +0000

Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit.

The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

China Steals Defense Secrets ‘on Industrial Scale’

Richi Jennings — Mon, 25 Mar 2024 17:08:40 +0000

UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic.

The post China Steals Defense Secrets ‘on Industrial Scale’ appeared first on Security Boulevard.

Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys

Richi Jennings — Fri, 22 Mar 2024 18:56:32 +0000

GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads.

The post Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys appeared first on Security Boulevard.

Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date

Richi Jennings — Wed, 13 Mar 2024 16:57:09 +0000

Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities.

The post Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date appeared first on Security Boulevard.

Mitigating Lurking Threats in the Software Supply Chain

Joey Stanford — Tue, 12 Mar 2024 13:00:47 +0000

The first step to addressing software supply chain vulnerabilities and threats is to understand the most common attacks. Here's where to start.

The post Mitigating Lurking Threats in the Software Supply Chain appeared first on Security Boulevard.

Irony of Ironies: CISA Hacked — ‘by China’

Richi Jennings — Mon, 11 Mar 2024 17:17:53 +0000

Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti.

The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard.

Self-Replicating AI Malware is Here😱 #ComPromptMized

Richi Jennings — Tue, 05 Mar 2024 18:34:26 +0000

Skrik: Researchers worm themselves into your nightmares.

The post Self-Replicating AI Malware is Here😱 #ComPromptMized appeared first on Security Boulevard.

Cheap Video Doorbell Cams: Tools of Stalkers and Thieves

Richi Jennings — Fri, 01 Mar 2024 16:43:56 +0000

EKEN IoT FAIL: Amazon, Sears and Shein still sell security swerving stuff.

The post Cheap Video Doorbell Cams: Tools of Stalkers and Thieves appeared first on Security Boulevard.

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Richi Jennings — Thu, 29 Feb 2024 16:37:11 +0000

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times.

The post GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL appeared first on Security Boulevard.