DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers | allinfosecnews.com

Feb. 29, 2024, 5:11 a.m. | Hossein Siadati, Sima Jafarikhah, Elif Sahin, Terrence Brent Hernandez, Elijah Lorenzo Tripp, Denis Khryashchev

cs.CR updates on arXiv.org arxiv.org

arXiv:2402.18401v1 Announce Type: cross
Abstract: The Software Supply Chain (SSC) has captured considerable attention from attackers seeking to infiltrate systems and undermine organizations. There is evidence indicating that adversaries utilize Social Engineering (SocE) techniques specifically aimed at software developers. That is, they interact with developers at critical steps in the Software Development Life Cycle (SDLC), such as accessing Github repositories, incorporating code dependencies, and obtaining approval for Pull Requests (PR) to introduce malicious code. This paper aims to comprehensively explore …

adversaries arxiv attackers attacks attention critical cs.cr cs.se developers engineering organizations social social engineering software software developers software supply chain software supply chain attacks supply supply chain supply chain attacks systems techniques

More from arxiv.org / cs.CR updates on arXiv.org

David and Goliath: An Empirical Evaluation of Attacks and Defenses for QNNs at the Deep … 6 hours ago | arxiv.org

applications arm arxiv attacks +18

How to Use Quantum Indistinguishability Obfuscation 6 hours ago | arxiv.org

arxiv class copy cs.cr +6

Privately Aligning Language Models with Reinforcement Learning 6 hours ago | arxiv.org

alignment arxiv chatgpt cs.cr +13

Numeric Truncation Security Predicate 6 hours ago | arxiv.org

arxiv bits conversion cs.cr +11

Causal Discovery Under Local Privacy 6 hours ago | arxiv.org

application arxiv consumers cs.ai +19

Investigating Threats Posed by SMS Origin Spoofing to IoT Devices 6 hours ago | arxiv.org

arxiv communication cs.cr devices +18

Impact of Architectural Modifications on Deep Learning Adversarial Robustness 6 hours ago | arxiv.org

adoption advancements adversarial applications +23

Tokenization of Real Estate Assets Using Blockchain 6 hours ago | arxiv.org

area arxiv assets banking +20

A Survey on Privacy-Preserving Caching at Network Edge: Classification, Solutions, and Challenges 6 hours ago | arxiv.org

arxiv caching challenges classification +12

Head of Security Operations

@ Canonical Ltd. | Home based - Americas, EMEA

View on infosec-jobs.com

Security Specialist

@ Lely | Maassluis, Netherlands

View on infosec-jobs.com

Senior Cyber Incident Response (Hybrid)

@ SmartDev | Cầu Giấy, Vietnam

View on infosec-jobs.com

Sr Security Engineer - Colombia

@ Nubank | Colombia, Bogota

View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Menlo Park, CA | Washington, DC | Remote, US

View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom

View on infosec-jobs.com