Black Lotus Labs has discovered a new strain a malware, they are calling it Chaos. The new is very telling – the malware is infecting a wide range of devices and servers, Linux, Windows, small office routers etc. One of the servers infected was hosting an instance of GitHub, bringing …
Back to the supply chain and software compromise
When a threat actor compromises the coding of software the problems can be widepread – the SolarWinds attack and subsequent distribution of the infected software through legitimate update channels is a classic example. (Ironic but the SolarWinds customers who avoided the attack, were those with a poor cyber security stance …
Continue reading “Back to the supply chain and software compromise”
Google elite bug bounty program
I have written before about how good “bug bounties” are for improving everyone’s cyber security, rewarding the white hat hackers and researchers for their work. The Open Source Software Vulnerability Rewards Program (OSS VRP) Now Google has launched a bug bounty program that rewards the ethical technologists for finding and …
Software repositories are a target for threat actors
If you, as a threat actor, could embed your malware into a software module, that is then used by many innocent and unaware software developers in their packages, they release to the general public, wouldn’t you? That looks like a lot of infected machines for a small amount of work. …
Continue reading “Software repositories are a target for threat actors”
GitHub urges an update to patch security loopholes
Keeping your software up to date is important for all of us – doubly so if you are the people producing the code: GitLab ‘strongly recommends’ patching critical RCE vulnerability (bleepingcomputer.com)