The most famous supply chain attack of the last few years was the SolarWinds attack. That attack was a home run for the Russians. Other hackers (or maybe the same ones) thought that was a great attack vector. Now it seems to have become quite popular. Then came DevOps tool provider Codecov. Hackers compromised Codecov, […]
Continue reading → [DISPLAY_ACURAX_ICONS]Supply chain attacks are attacks on the software (and hardware) that goes into the software (and hardware) that you buy. We keep seeing attacks that compromise that underlying software. Earlier this year, it was Ripple20 that affected millions of IoT devices. Many of those devices will likely never be patched and will be vulnerable forever. […]
Continue reading → [DISPLAY_ACURAX_ICONS]While I have reported about software supply chain attacks in the past, they have all been one-off and in some cases highly targeted attacks. The FBI has issued a warning about ongoing, large scale, software supply chain attacks. The attackers are using the Kwampirs malware to install a Remote Access Trojan or RAT. The FBI […]
Continue reading → [DISPLAY_ACURAX_ICONS]