Newsletter
Supply chain attacks are an emerging threat that targets software developers and suppliers. The objective is to access source code, build processes, or update mechanisms by infecting legitimate apps to distribute malware. These threats are alarming and keep hitting the market. Supply chain attacks are diverse and impact various industries. For example, the manufacturing industry has witnessed massive cyber security attacks in which a company's manufacturing processes were tampered with, through either hardware or software.
Through weak links in the supply chain, criminals gain access to an organization's data and systems and infiltrate its overall digital infrastructure. Malware installed at any stage of the supply chain can cause disruptions or outages of an organization's services. Therefore, manufacturers must be aware of the common sources of supply chain attacks, for example, commercial software, open-source supply chains, and foreign products.
Hackers are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.
Researchers have discovered over two dozen Python packages on the PyPI registry pushing info-stealing malware.
Most of these contain obfuscated code that drops the "W4SP" info-stealer on infected machines, while others use malware purportedly created for "educational purposes" only.
Attackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure. Then, they added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.