Cybersecurity Starts in the Boardroom
…and I am writing about code supply chain compromise again this week. PyPi. PyPi is a well-respected repository of python code – I used it myself whilst at uni – but to try and get to grips with the influx of malicious code it has closed its doors to new …
Continue reading “PyPi. I wrote about code supply chain compromise last week…”
Earlier in the week I wrote about the issues with the WordPress plugin Elementor. Now the vulnerabilities I wrote about are being actively scanned for by threat actors: Hackers target vulnerable WordPress Elementor plugin after PoC released (bleepingcomputer.com) Have you or your web designers updated your website? (We have.) Do …
…which makes them a juicy target for threat actors if they can find a bug in code or plugins. That was the topic of yesterday’s article on CyberAwake: Let’s Talk About WordPress – CyberAwake This is an article about governance – not a technical article – so if you are …
It is a while since I have written about the issue of compromising code in software repositories being an attack vestor for threat actor bit it has not gone away. Malicious Microsoft VSCode extensions steal passwords, open remote shells (bleepingcomputer.com) Software and web developers everywhere will access code from these …
As you probably know, if you follow this blog, I was in Edinburgh last week at the 6th Intl. Conference on Big Data, Cybersecurity & Critical Infrastructure held at the Craiglockhart Campus, Edinburgh Napier University. For my post this week I wanted to share one positive thing I got from …
