Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.

Lots more details at that link. Also …


Containers have 600+ vulnerabilities on average

Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to u…

Evaluating your organization’s application risk management journey

In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust str…

Effective strategies for measuring and testing cyber resilience

In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes ba…

More frequent disruption operations needed to dent ransomware gangs, officials say

The comments from White House and ODNI officials ahead of a Counter Ransomware Initiative summit come as the gangs prove difficult to keep down.

The post More frequent disruption operations needed to dent ransomware gangs, officials say appeared first on CyberScoop.


Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks

As organizations have fortified their defenses against direct network attacks, hackers have shifted their focus to exploiting vulnerabilities in the supply chain to gain backdoor access to systems.

Transportation, logistics companies targeted with lures impersonating fleet management software

Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers,…