A couple of stories about supply chain compromise

The first is that threat actors have compromised a media company and are using its infrastructure to distribute malware:

Hundreds of U.S. news sites push malware in supply-chain attack (bleepingcomputer.com)

The company has not yet been named, but the attack has impacted many hundreds of news sites.

The second story is about another compromise on a software repository – this time it is one storing and distributing Python code:

Dozens of PyPI packages caught dropping ‘W4SP’ info-stealing malware (bleepingcomputer.com)

Both of these attacks reach victims who will be unaware of them, because the victims take a service from a company that has let its cyber security guard down.

In the case of the first story, the front-line news sites are getting the negative publicity associated with a cyber security incident, whilst the real villain, the media organisation that has enabled the threat actors, is hiding behind anonymity.

However, it is the second story that may impact you directly. Do you have custom code written for you, either for your website or for an app? If so, do you know whether your software or website developers are using the compromised code from PyPI?

You should.

Clive Catton MSc (Cyber Security) – by-line and other articles

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online services, networks, back-ups, suppliers etc. – so when cyber security (or operational) issues arise, you and your support teams can quickly check whether you are affected. From there you can take fast, effective action.
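As an added illustration of the check recommended above (this is not code from the original article), the Python script below scans a requirements or `pip freeze` file for package names that appear on an advisory list, normalising names the way PyPI does so that spelling variants such as `Foo_Bar` and `foo-bar` are not missed. The sample file and the advisory names are constructed placeholders; the real package names come from the report linked above.

```python
import re
from typing import Iterable, List, Optional

# PEP 503 name normalisation: PyPI treats "Foo_Bar", "foo-bar" and "foo.bar"
# as the same project, so compare normalised names rather than raw strings.
def normalize_name(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirement_name(line: str) -> Optional[str]:
    """Return the normalised project name from one requirements.txt line,
    or None for blank lines, comments and pip options such as '-r other.txt'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    # The name is the leading token, before any extras bracket, version
    # specifier, environment marker or URL.
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return normalize_name(m.group(1)) if m else None

def find_affected(requirements_text: str, affected_names: Iterable[str]) -> List[str]:
    """Names declared in the requirements file that appear on the advisory list."""
    affected = {normalize_name(n) for n in affected_names}
    hits: List[str] = []
    for line in requirements_text.splitlines():
        name = parse_requirement_name(line)
        if name and name in affected and name not in hits:
            hits.append(name)
    return hits

# Constructed sample requirements file; the two marked entries are hypothetical
# placeholders standing in for package names published in the advisory.
SAMPLE_REQUIREMENTS = """\
# web app dependencies
requests==2.28.1
Example_Stealer_Pkg>=1.0  # PLACEHOLDER for a reported malicious package
flask[async]~=2.2
-r dev-requirements.txt
example.bad.dep ; python_version >= "3.8"  # PLACEHOLDER
"""

# Hypothetical advisory list; replace with the names from the actual report.
ADVISORY_PLACEHOLDERS = ["example-stealer-pkg", "example-bad-dep", "another-placeholder"]

if __name__ == "__main__":
    for name in find_affected(SAMPLE_REQUIREMENTS, ADVISORY_PLACEHOLDERS):
        print(f"AFFECTED: {name}")
```

A name match only tells you the package is declared; run the check against the fully resolved `pip freeze` output of each deployed environment rather than the top-level requirements file alone, so transitive dependencies are covered too.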