Cybersecurity Starts in the Boardroom
The first is that threat actors have compromised a media company and are using its infrastructure to distribute malware: Hundreds of U.S. news sites push malware in supply-chain attack (bleepingcomputer.com) The company has not yet been named but the attack has impacted to many hundreds of news sites. The second …
Continue reading “A couple of stories about supply chain compromise”
When a threat actor compromises the coding of software the problems can be widepread – the SolarWinds attack and subsequent distribution of the infected software through legitimate update channels is a classic example. (Ironic but the SolarWinds customers who avoided the attack, were those with a poor cyber security stance …
Continue reading “Back to the supply chain and software compromise”
Software depositories are a prime target for threat actors, especially those offering modules that other developers include in their software. Here is an attack aimed at a Python repository: Malicious PyPi packages aim DDoS attacks at Counter-Strike servers (bleepingcomputer.com) How secure is open source software? Do you use open source …
The original post was made on 12 May 2022 Update 24 May 2022 Python is a popular coding language and many code libraries exist to make the programmer’s life a little easier. But as indicated in the articles below if that open source code becomes popular, then it also becomes …
Continue reading “Our trust in public code – UPDATED 24 May 2022”
If you do not know what a BTC address is then this this particular demonstration of of a Python hack will not impact you. If you do use bitcoin or other cryptocurrency then have a look at this SANS blog by Xme: Multi-Cryptocurrency Clipboard Swapper – SANS Internet Storm Centre …
Continue reading “What can a hacker do? Swap your BTC address for theirs, when you copy and paste!”
