It is a while since I have written about the issue of compromising code in software repositories being an attack vector for threat actors, but it has not gone away. Malicious Microsoft VSCode extensions steal passwords, open remote shells (bleepingcomputer.com) Software and web developers everywhere will access code from these …
Supply chain vulnerability
We have many clients who have their own software or have custom software on their website or web apps written for them by developers. These developers may or may not reuse code or modules written by third-party developers and sourced through a software repository – such as GitHub or …
Two stories about GitHub
GitHub is a code development environment and code repository used around the world by many software developers and well-known applications. Consequently, it is also a prime target for threat actors who, if they can get inside the development of packages, can infect many unsuspecting users. The collaboration tool Slack …
If you have a Dropbox account, change your password
Dropbox reported a cyber attack on 1 November 2022 which they are investigating as they cannot yet tell how the bad actor gained access. The attacker not only garnered the names and email addresses of Dropbox employees, they also managed to access source code. So far, the number of users …
Software supply chain weaknesses
Software and code repositories are a great resource for web and software developers – they save time and clients’ money, and provide quality modules for their projects. GitHub is one of the most popular – with many major software players using it to develop their code and other developers, large and …