supply chain Archives - Developer Tech News https://www.developer-tech.com/news/tag/supply-chain/ Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT Mon, 14 Oct 2024 13:58:49 +0000 en-GB

Entry points threaten multiple open-source ecosystems https://www.developer-tech.com/news/entry-points-threaten-multiple-open-source-ecosystems/ https://www.developer-tech.com/news/entry-points-threaten-multiple-open-source-ecosystems/#respond Mon, 14 Oct 2024 13:58:48 +0000 https://www.developer-tech.com/?p=46680 While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points. Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for... Read more »

The post Entry points threaten multiple open-source ecosystems appeared first on Developer Tech News.

Images weaponised in latest supply chain attack https://www.developer-tech.com/news/images-weaponised-latest-supply-chain-attack/ https://www.developer-tech.com/news/images-weaponised-latest-supply-chain-attack/#respond Tue, 16 Jul 2024 15:23:38 +0000 https://www.developer-tech.com/?p=46262 A series of malicious packages disguised as legitimate software have been discovered in the npm registry by cybersecurity firm Phylum. The packages – identified on 13 July 2024 – contained hidden command and control functionality embedded within image files, executed during the installation process. Phylum researchers uncovered two packages in this campaign, with one named... Read more »

CocoaPods flaws highlight growing supply chain risks https://www.developer-tech.com/news/cocoapods-flaws-highlight-growing-supply-chain-risks/ https://www.developer-tech.com/news/cocoapods-flaws-highlight-growing-supply-chain-risks/#respond Tue, 02 Jul 2024 15:02:36 +0000 http://www.developer-tech.com//?p=46189 Security researchers at E.V.A Information Security have uncovered several critical vulnerabilities in CocoaPods, a popular dependency manager for Swift and Objective-C projects. These vulnerabilities potentially expose millions of Apple devices to supply chain attacks, highlighting the growing risks associated with open-source software dependencies. CocoaPods, used in over three million mobile apps, plays a crucial role... Read more »

GitHub’s 2FA rollout boosts supply chain security https://www.developer-tech.com/news/githubs-2fa-rollout-supply-chain-security/ https://www.developer-tech.com/news/githubs-2fa-rollout-supply-chain-security/#respond Thu, 25 Apr 2024 11:31:30 +0000 http://www.developer-tech.com//?p=45935 In a push to enhance the security of the software supply chain, GitHub has successfully rolled out mandatory two-factor authentication (2FA) for code contributors on its platform. GitHub’s 2FA rollout – announced in May 2022 – aimed to address the critical first link in the software supply chain by securing the developers responsible for designing,... Read more »

Mathew Payne, GitHub: Protecting code while nurturing user experience https://www.developer-tech.com/news/mathew-payne-github-protecting-code-nurturing-user-experience/ https://www.developer-tech.com/news/mathew-payne-github-protecting-code-nurturing-user-experience/#respond Fri, 18 Aug 2023 13:54:35 +0000 http://www.developer-tech.com//?p=45057 Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience. At the heart of GitHub’s security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on... Read more »

Checkmarx uncovers supply chain attacks targeting banking https://www.developer-tech.com/news/checkmarx-uncovers-supply-chain-attacks-targeting-banking/ https://www.developer-tech.com/news/checkmarx-uncovers-supply-chain-attacks-targeting-banking/#respond Fri, 21 Jul 2023 12:24:45 +0000 http://www.developer-tech.com//?p=44926 Checkmarx has uncovered a new and sophisticated cyber threat targeting the banking sector. The security testing firm’s research team detected two distinct open-source software supply chain attacks targeting financial institutions. These attacks, which involved advanced techniques and deceptive tactics, have raised alarm bells among cybersecurity experts. Attack one: NPM The first attack occurred on April... Read more »

Visual Studio Marketplace is the latest supply chain attack vector https://www.developer-tech.com/news/visual-studio-marketplace-supply-chain-attack-vector/ https://www.developer-tech.com/news/visual-studio-marketplace-supply-chain-attack-vector/#respond Mon, 09 Jan 2023 14:14:15 +0000 http://www.developer-tech.com//?p=44202 Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks. In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions. VS Code is the most popular IDE, with around 74.48 percent of developers using it. The... Read more »

GitHub will mandate 2FA to help secure the software supply chain https://www.developer-tech.com/news/github-mandate-2fa-help-secure-software-supply-chain%ef%bf%bc/ https://www.developer-tech.com/news/github-mandate-2fa-help-secure-software-supply-chain%ef%bf%bc/#respond Wed, 04 May 2022 15:03:45 +0000 http://www.developer-tech.com//?p=43112 GitHub will require all users who contribute code on the platform to use 2FA as part of its latest security improvements. Attacks on the software supply chain are on the increase. GitHub, which has over 83 million code-contributing users, is stepping up to the plate to protect developers and the software supply chain with this... Read more »

Large-scale supply chain attack used 218 malicious NPM packages https://www.developer-tech.com/news/large-scale-supply-chain-attack-used-218-malicious-npm-packages/ https://www.developer-tech.com/news/large-scale-supply-chain-attack-used-218-malicious-npm-packages/#respond Thu, 24 Mar 2022 14:32:40 +0000 http://www.developer-tech.com//?p=42774 A large-scale supply chain attack has been uncovered that used 218 malicious NPM packages. Researchers from JFrog claim that several of their automated analysers started throwing up alerts regarding a set of packages in the npm registry earlier this week. Over a few days, the number of packages swelled from around 50 packages to more... Read more »

Software supply chain attacks increased over 300% in 2021 https://www.developer-tech.com/news/software-supply-chain-attacks-increased-over-300-percent-in-2021/ https://www.developer-tech.com/news/software-supply-chain-attacks-increased-over-300-percent-in-2021/#respond Thu, 20 Jan 2022 13:54:28 +0000 http://www.developer-tech.com//?p=42092 We all knew there was an increase in software supply chain attacks in 2021, but a new study has quantified just how bad things got. Argon Security – recently acquired by Aqua Security – published the latest edition of its annual Software Supply Chain Security Review this week. The headline stat from Argon’s report that... Read more »
