Supply Chain Security Archives

SECURITYWEEK NETWORK:

Security Experts:

Hi, what are you looking for?

Application Security

Chainguard Trains Spotlight on SBOM Quality Problem

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Ryan NaraineJanuary 19, 2023

Malware & Threats

Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Eduard KovacsJanuary 18, 2023

Supply Chain Security

Critical Git Vulnerabilities Discovered in Source Code Security Audit

A source code security audit led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.

Eduard KovacsJanuary 18, 2023

Data Breaches

18k Nissan Customers Affected by Data Breach at Third-Party Software Developer

Nissan North America told roughly 18,000 customers that their personal information was exposed in a data breach via a third-party provider.

Ionut ArghireJanuary 18, 2023

Supply Chain Security

Oracle’s First Security Update for 2023 Includes 327 New Patches

Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Ionut ArghireJanuary 18, 2023

Malware & Threats

PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack

Fortinet warned of three malicious PyPI packages containing code that fetches the Wacatac trojan and information stealer.

Ionut ArghireJanuary 17, 2023

Malware & Threats

Attackers Can Abuse GitHub Codespaces for Malware Delivery

A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery.

Ionut ArghireJanuary 17, 2023

Cybercrime

PyPI Users Targeted With PoweRAT Malware

Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer.

Ionut ArghireJanuary 10, 2023

Application Security

Microsoft Flags Ransomware Problems on Apple’s macOS Platform

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities...

Ryan NaraineJanuary 9, 2023

Cybercrime

Many of 13 New Mac Malware Families Discovered in 2022 Linked to China

More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them...

Eduard KovacsJanuary 6, 2023

Application Security

Slack Says Hackers Stole Private Source Code Repositories

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is...

Eduard KovacsJanuary 5, 2023

Application Security

Malware Delivered to PyTorch Users in Supply Chain Attack

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.Now part of the...

Ionut ArghireJanuary 3, 2023