all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Developer account body snatchers pose risks to the software supply chain

Add to bookmarks
Oct. 4, 2022, 12:51 p.m. | Jaeson Schultz (noreply@blogger.com)

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com



By Jaeson Schultz.
  • Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research.
  • Developer account takeovers present a substantial risk to the software supply chain because attackers who successfully compromise a developer account could conceal malicious code in software packages used by others.
  • Talos analyzed several of the major software repositories to assess the level of developer …

account developer on the radar risks software software supply chain supply supply chain

Visit resource

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

The private sector probably isn’t coming to save the NVD 2 days, 22 hours ago | blog.talosintelligence.com
arcanedoor coming cybercrime isn +9
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist 3 days, 4 hours ago | blog.talosintelligence.com
adversaries attacks bec bec attacks +17
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices 4 days ago | blog.talosintelligence.com
apt campaign campaigns devices +15
Suspected CoralRaider continues to expand victimology using three information stealers 5 days, 4 hours ago | blog.talosintelligence.com
apt argument bypass command +17
What’s the deal with the massive backlog of vulnerabilities at the NVD? 1 week, 2 days ago | blog.talosintelligence.com
backlog current deal management +10
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 1 week, 2 days ago | blog.talosintelligence.com
account blocked court disinformation +8
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 1 week, 4 days ago | blog.talosintelligence.com
cisco cisco talos code confidential +20
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 1 week, 5 days ago | blog.talosintelligence.com
attacks brute brute-force cisco +24
The internet is already scary enough without April Fool’s jokes 2 weeks, 2 days ago | blog.talosintelligence.com
april backdoor community internet +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Network Security Engineer

@ Meta | Menlo Park, CA | Remote, US
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Washington, DC
View on infosec-jobs.com

Threat Investigator- Security Analyst

@ Meta | Menlo Park, CA | Seattle, WA | Washington, DC
View on infosec-jobs.com

Security Operations Engineer II

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Bug Bounty -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs