Cybersecurity Starts in the Boardroom
Bruse Schneier has an interesting article out today, describing how a Russian company that produces code that is included in thousands of smartphone apps, both iOS and Android, masquerades as an US company. Russian Software Company Pretending to Be American – Schneier on Security There is no suggestion of wrong …
Continue reading “The supply chain is complicated – which is why it is vulnerable to exploitation”
Software and code repositories are a great resource for web and software developers – they save time, client’s money and get quality modules for their projects. GitHub is one of the most popular – with many major software players using it to develop their code and other developers, large and …
GitHub is one of the most popular software repositories so it stands to reason that threat actors will always be searching for ways in as infecting code at source that is then reused in multiple applications is a cost-effective way to run a cyber attack. GitHub has just patched a …
Continue reading “GitHub – probably one of the biggest targets for threat actors”
It is actually a serious cyber security incident, with many questions for Toyota to answer. An outsourced developer left crucial security information, that could have exposed hundreds of thousands of customer records on a public facing repo on GitHub. This was done in 2017 and only discovered in September 2022, …
Continue reading “Supply Chain slip up… Something like this could easily happen to you…”
The SolarWinds attack, where the threat actors got inside SolarWinds’ systems and added their malicious code to a legitimate software update, so having SolarWinds distribute this malware to many of its high and low profile customers around the world, seems a long time ago now. But at least in this …
