Supply Chain Attacks

I am always alerting you to the cyber security issues that WordPress and WordPress plugins report – many of you use WordPress and need to be alert to these breaches in your cyber security. Or at least someone in your organisation or supply chain – if you use a third party to manage your internet presence – needs to deal with these problems.

Here is another WordPress vulnerability that impacts many thousands of users and will need dealing with, if it impacts you.

Plugins on WordPress.org backdoored in supply chain attack (bleepingcomputer.com)

But it does not stop with WordPress. What other code have you had written for you, either in apps or online web apps? Do you know? Many developers use code banks to access reliable snippets of code to make their development process easier (and cheaper for you), but these code banks can be a target for threat actors.

Polyfill.io JavaScript supply chain attack impacts over 100K sites (bleepingcomputer.com)

You need to have these types of situations covered in your cyber security planning.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

How much are you relying on your web designer to protect your reputation?

What is involved in an IT and Cyber Security Audit?