Codecov Affected by Supply-Chain Attack; Notifies Customers
Microsoft Warns of 25 Critical Memory-Allocation Vulnerabilities in IoT Devices
Babuk Gang to Focus on Data-Theft Extortion instead of Ransomware
Information of 22 Million ParkMobile Customers Released for Free on Hacking Forum
Musical Instrument Marketplace Reverb Discloses Data Breach
Code coverage and software auditing company Codecov recently suffered a supply-chain attack where a threat actor gained access to its Bash Uploader script, altering it to exfiltrate sensitive information from customer environments. Threat actors gained credentials to modify the script by taking advantage of weaknesses in Codecov’s Docker image creation process.
Codecov discovered the compromise on April 1 and began notifying affected customers and providing IOCs on April 30. However, investigation shows the attack first began unnoticed in late January. U.S. federal authorities have also now joined the investigation. Hundreds of cust
A patch has been issued for a serious vulnerability that affects PHP Composer - a tool used to manage and install software dependencies in the PHP ecosystem.
Password firm blames customers for posting advisories on social media
iTWire, Friday, 30 April 2021 10:34
The Australian company behind a password manager that was subjected to a supply chain attack is blaming customers who post its advisories about the attack on social media, claiming this may lead to related attacks.
Adelaide-based
an advisory posted on Wednesday: The number of affected customers is still very low. Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Customers are requested not to post Click Studios correspondence on Social Media. It is expected that the bad actor is actively monitoring Social Media, looking for information they can use to their advantage, for related attacks.
Cyber security and the power of analogy at Westminster and Kensington & Chelsea councils
Storytelling is the key to effective cyber security, says interim head of cyber Zakki Ghauri
The real reason you've got brakes on a car is to let you go safely at speed
Effective cyber security begins with good communication. Explaining the risks to people and making them feel confident of handling or escalating incidents is every bit as important as installing the latest firewalls, network monitoring and anti-malware systems.
Zakki Ghauri, interim head of cyber security & information governance at London's Royal Borough of Kensington and Chelsea and Westminster City Council, has made cyber risk communication something of a mission. As someone whose background is change management and transformation rather than cyber security, he says he approaches the issue from a different angle than a typical CISO.
HashiCorp is the latest victim of Codecov supply-chain attack
Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack.
HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key.
The private key is used by HashiCorp to sign and verify software releases, and has since been rotated as a precaution.
HashiCorp discloses code-signing key compromise
This week, HashiCorp, a notable open-source software tools and infrastructure provider, disclosed that the recent Codecov supply-chain attack had impacted a subset of their Continuous Integration (CI) pipelines.