all InfoSec news
DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers
Feb. 29, 2024, 5:11 a.m. | Hossein Siadati, Sima Jafarikhah, Elif Sahin, Terrence Brent Hernandez, Elijah Lorenzo Tripp, Denis Khryashchev
cs.CR updates on arXiv.org arxiv.org
Abstract: The Software Supply Chain (SSC) has captured considerable attention from attackers seeking to infiltrate systems and undermine organizations. There is evidence indicating that adversaries utilize Social Engineering (SocE) techniques specifically aimed at software developers. That is, they interact with developers at critical steps in the Software Development Life Cycle (SDLC), such as accessing Github repositories, incorporating code dependencies, and obtaining approval for Pull Requests (PR) to introduce malicious code. This paper aims to comprehensively explore …
adversaries arxiv attackers attacks attention critical cs.cr cs.se developers engineering organizations social social engineering software software developers software supply chain software supply chain attacks supply supply chain supply chain attacks systems techniques
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
Head of Security Operations
@ Canonical Ltd. | Home based - Americas, EMEA
Security Specialist
@ Lely | Maassluis, Netherlands
Senior Cyber Incident Response (Hybrid)
@ SmartDev | Cầu Giấy, Vietnam
Sr Security Engineer - Colombia
@ Nubank | Colombia, Bogota
Security Engineer, Investigations - i3
@ Meta | Menlo Park, CA | Washington, DC | Remote, US
Cyber Security Engineer
@ ASSYSTEM | Bridgwater, United Kingdom