supply chain attack

3CX’s supply chain attack was caused by… another supply chain attack

The incident responders investigating how hackers carried out a complex supply-chain attack targeting enterprise phone provider 3CX say the company was compromised by another supply chain attack. 3CX

3CX blames North Korea for supply chain mass-hack

Enterprise phone provider 3CX has confirmed that North Korea–backed hackers were behind last month’s supply chain attack that appeared to target cryptocurrency companies. 3CX, which provides onlin

There’s a new supply chain attack targeting customers of a phone system with 12 million users

Multiple security firms have sounded the alarm about an active supply chain attack that’s using a trojanized version of 3CX’s widely used voice and video-calling client to target downstream cu

Software supply chain security is broader than SolarWinds and Log4J

Here's a comprehensive look at some of the lesser-known, but no less serious, types of software supply chain attacks.

Microsoft disrupts Iranian-linked hackers targeting organizations in Israel

Microsoft said on Thursday that it has successfully “identified and disabled” a previously unreported Lebanon-based hacking group that it believes is working with Iranian intelligence. T

Viasat cyberattack blamed on Russian wiper malware

The recent cyberattack on U.S. satellite communications provider Viasat, an incident that triggered satellite service outages across central and eastern Europe, was likely the result of destructive wi

Vicarius raises $24M to build out its vulnerability remediation platform

Vicarius, a New York-based startup that has developed an autonomous vulnerability remediation platform, has raised $24 million in Series A funding to protect organizations from the next major supply-c

Cycode raises $56M Series B to help secure software supply chains

Cycode, a startup that helps businesses secure their DevOps pipelines and software supply chains, today announced that it has raised a $56 million Series B funding round led by Insight Partners. YL Ve

Checkmarx acquires open-source supply chain security startup Dustico

Checkmarx, an Israeli provider of static application security testing (AST), has acquired open-source supply chain security startup Dustico for an undisclosed sum. Founded in 2020, Dustico provides

Passwordstate customers complain of silence and secrecy after cyberattack

It has been over three months since Click Studios, the Australian software house behind the enterprise password manager Passwordstate, warned its customers to “commence resetting all passwords.

Biden’s executive order on cybersecurity should include behavior transparency

The cyber executive order, alongside sanctions on Russia, are strong indications the Biden administration intends to take a far more proactive approach to cybersecurity. But it's not quite enough.

SolarWinds hackers targeted NASA, Federal Aviation Administration networks

Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private

After the FireEye and SolarWinds breaches, what’s your failsafe?

Breaches of this magnitude are going to happen. If they’re something your organization needs to be resilient against, then it’s best to be prepared for them.

Just how bad is that hack that hit US government agencies?

"There’s not a single organization who can claim cybersecurity perfection."

Hackers dropped a secret backdoor in Asus’ update software

Hackers targeted and compromised “hundreds of thousands” of Asus computer owners by pushing a backdoored update software tool from the company’s own servers. The bombshell claims, fi

CCleaner supply chain malware targeted tech giants

Malware that piggybacked on CCleaner, a popular free software tool for optimizing system performance on PCs, appears to have specifically targeted high profile technology companies and may have been a