We have many clients who have their own software, or have custom software on their website or web apps written for them by developers. These developers may or may not reuse code or modules written by third-party developers and sourced through a software repository – such as GitHub or …
Two stories about GitHub
GitHub is a code development environment and code repository used around the world by many software developers and well-known applications. Consequently, it is also a prime target for threat actors who, if they can get inside the development of packages, can infect many unsuspecting users. The collaboration tool Slack …
If you have a Dropbox account, change your password
Dropbox reported a cyber attack on 1 November 2022 which they are investigating as they cannot yet tell how the bad actor gained access. The attacker not only garnered the names and email addresses of Dropbox employees, they also managed to access source code. So far, the number of users …
Software supply chain weaknesses
Software and code repositories are a great resource for web and software developers – they save time and clients’ money, and provide quality modules for their projects. GitHub is one of the most popular – with many major software players using it to develop their code and other developers, large and …
A couple of stories about supply chain compromise
The first is that threat actors have compromised a media company and are using its infrastructure to distribute malware: Hundreds of U.S. news sites push malware in supply-chain attack (bleepingcomputer.com). The company has not yet been named, but the attack has impacted many hundreds of news sites. The second …