FreshRSS

Naked Security

Poisoned Python and PHP packages purloin passwords for AWS access

By Paul Ducklin - May 24th 2022 at 23:04
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Naked Security

RubyGems supply chain rip-and-replace bug fixed – check your logs!

By Paul Ducklin - May 9th 2022 at 15:41
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

Naked Security

GitHub issues final report on supply-chain source code intrusions

By Paul Ducklin - April 29th 2022 at 16:15
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Naked Security

Beanstalk cryptocurrency heist: scammer votes himself all the money

By Paul Ducklin - April 19th 2022 at 16:00
Voting safeguards based on community collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Naked Security

Wormhole cryptotrading company turns over $340,000,000 to criminals

By Paul Ducklin - February 4th 2022 at 17:38
It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

Naked Security

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

By Paul Ducklin - January 13th 2022 at 15:26
Latest episode - listen to it or read it now!

Naked Security

JavaScript developer destroys own projects in supply chain “lesson”

By Paul Ducklin - January 11th 2022 at 00:54
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

Naked Security

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

By Paul Ducklin - October 25th 2021 at 16:38
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.

❌