software supply chain attack - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Fri, 29 Mar 2024 17:19:26 +0000

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
https://securityboulevard.com/2024/03/pypi-suspended-500-fakes-richixbw/
Fri, 29 Mar 2024 17:19:26 +0000

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup.

The post PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found appeared first on Security Boulevard.

Complex Supply Chain Attack Targets GitHub Developers
https://securityboulevard.com/2024/03/complex-supply-chain-attack-targets-github-developers/
Tue, 26 Mar 2024 18:42:46 +0000

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with...

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
https://securityboulevard.com/2024/02/github-repo-confusion-supply-chain-richixbw/
Thu, 29 Feb 2024 16:37:11 +0000

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times.

Malicious Packages in npm, PyPI Highlight Supply Chain Threat
https://securityboulevard.com/2024/02/malicious-packages-in-npm-pypi-highlight-supply-chain-threat/
Mon, 26 Feb 2024 22:06:07 +0000

Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks.

Attackers Finding Novel Ways to Abuse GitHub: ReversingLabs
https://securityboulevard.com/2023/12/attackers-finding-novel-ways-to-abuse-github-reversinglabs/
Wed, 20 Dec 2023 21:57:26 +0000

Threat actors are finding new ways to take advantage of GitHub in hopes of tricking developers into putting malicious code into their software and sending it to users downstream, according to researchers with ReversingLabs. Code repositories like GitHub and the Python Package Index (PyPI) are popular targets for hackers who want to abuse the software supply chain...

UK, South Korea Warn of North Korea Supply-Chain Attacks
https://securityboulevard.com/2023/11/uk-south-korea-warn-of-north-korea-supply-chain-attacks/
Mon, 27 Nov 2023 16:00:56 +0000

The cybersecurity agencies in the UK and South Korea are warning of the growing threat of North Korea-linked threat groups using zero-day and third-party exploits to launch software supply-chain attacks. The hackers are targeting products that are widely used by government organizations, financial institutions, and defense industry companies around the world, the UK’s National Cyber...

Supply Chain Attacks and Cyberinsurance
https://securityboulevard.com/2021/12/supply-chain-attacks-and-cyberinsurance/
Tue, 14 Dec 2021 08:30:08 +0000

The rise in sophisticated supply chain cyberattacks doesn’t just affect enterprises; there are also impacts on the insurance industry and on enterprises’ cyberinsurance costs. What is a software supply chain attack? Software supply chain attacks are cyberattacks against an organization’s software supply chain infrastructure and process. In such attacks, the attacker gains access to a...

Russia’s Nobelium Supply Chain Attacks Force U.S. Government’s Hand
https://securityboulevard.com/2021/10/russias-nobelium-supply-chain-attacks-force-u-s-governments-hand/
Tue, 26 Oct 2021 11:01:24 +0000

Threats from the U.S. government apparently weren’t enough to keep Nobelium, the group behind the SolarWinds campaign, away from the vulnerable global IT supply chain—Microsoft said the threat actors, affiliated with Russian intelligence unit SVR, have attacked at least 140 managed service providers (MSPs) and cloud service providers, with 14 known breaches since May 2021...

Accellion Data Breach Highlights Third-Party Risk
https://securityboulevard.com/2021/05/accellion-data-breach-highlights-third-party-risk/
Tue, 18 May 2021 08:00:51 +0000

Two mega-breaches caused by third parties earlier this year, following the SolarWinds supply chain hack, created a growing tsunami of third-party risk for enterprises and government organizations. Security software provider Accellion also suffered a breach in its FTA tool, which caused many of its clients to have their data exposed to hackers. A number of...

Over 2K Publicly Accessible Etcd Servers Leak Sensitive Credentials
https://securityboulevard.com/2018/03/over-2k-publicly-accessible-etcd-servers-leak-sensitive-credentials/
Fri, 23 Mar 2018 11:37:09 +0000

After publicly exposed MongoDB databases, Amazon AWS S3 buckets and Redis instances, researchers now warn that a considerable number of etcd servers are also publicly accessible and contain sensitive credentials that could provide access to additional systems. The warning came late last week from security researcher Giovanni Collazo, who found 2,284 etcd servers reachable from...
