Rapid7 says that the Codecov supply chain attack exposed source code repositories for internal tools used for the Managed Detection and Response (MDR) service, and a subset of its customers' data.
The supply chain attack method leverages commonly-used dependency managers and private or non-existent dependencies to install malicious code and backdoors in internal applications.
CISA says that SolarWinds hack possibly affected federal, state, and local government agencies and critical infrastructure entities dealing with gas, electricity, and manufacturing.
A very commonly used VoIP telephony system has been compromised via trojans snuck in through an open source component, and the supply chain attack puts over half a million global businesses at risk.
Vulnerable IT service providers are becoming entry points for supply chain attacks, as seen in the recent attack on Wipro. The attack follows closely after Wipro's CEO declared that "security cannot be a show stopper for business priorities".
Cybersecurity professionals were left in the dark as the SolarWinds attack unfolded. Looking at how this could have been prevented, three distinct vulnerabilities stand out.