
35 Companies Including Apple Hacked in Supply Chain Attack

Wednesday, February 10, 2021, 17:34, by TheMacObserver
Security researcher Alex Birsan was able to breach over 35 companies’ internal systems, including Apple, Microsoft, PayPal, Spotify, Netflix, and others. He did this through bug bounty programs and pre-approved penetration testing arrangements (aka, he’s one of the good guys). He earned over US$100,000 in bounties.
The attack consisted of uploading malware to open source repositories including PyPI, npm, and RubyGems, which was then distributed downstream automatically into the companies’ internal applications.
Unlike traditional typosquatting attacks, which rely on social engineering tactics or on the victim misspelling a package name, this particular supply chain attack is more sophisticated: it needed no action by the victim, who automatically received the malicious packages.
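A defender-side audit for the automatic delivery described above, added here as an example and not taken from the article or from the researcher's work. It assumes a resolver that merges candidates from a private and a public index and installs the highest version; the package names, versions and index contents are constructed.

```python
# Added example: constructed data, hypothetical package names.
# Assumption: the resolver merges candidates from every configured index
# and installs the highest version, whichever index served it.

def vkey(version):
    """Sort key for simple dotted numeric versions such as '1.3.1'."""
    return tuple(int(part) for part in version.split("."))

def resolve(name, private_index, public_index):
    """Return the (source, version) a merging resolver would install."""
    candidates = [("private", v) for v in private_index.get(name, [])]
    candidates += [("public", v) for v in public_index.get(name, [])]
    if not candidates:
        return None
    return max(candidates, key=lambda c: vkey(c[1]))

def resolve_scoped(name, internal_names, private_index, public_index):
    """Mitigated resolution: internal names come from the private index only."""
    if name in internal_names:
        versions = private_index.get(name, [])
        return ("private", max(versions, key=vkey)) if versions else None
    return resolve(name, {}, public_index)

def audit(internal_names, private_index, public_index):
    """List internal names that the merging resolver would take from public."""
    findings = []
    for name in sorted(internal_names):
        picked = resolve(name, private_index, public_index)
        if picked and picked[0] == "public":
            findings.append((name, picked[1]))
    return findings

# Constructed sample data: one internal name is shadowed on the public index.
INTERNAL = {"acme-billing", "acme-auth"}
PRIVATE = {"acme-billing": ["1.2.0", "1.3.1"], "acme-auth": ["2.0.0"]}
PUBLIC = {"acme-billing": ["99.0.0"], "requests": ["2.31.0"]}

if __name__ == "__main__":
    for name, version in audit(INTERNAL, PRIVATE, PUBLIC):
        print(f"{name}: would install public {version}")
        print("  scoped:", resolve_scoped(name, INTERNAL, PRIVATE, PUBLIC))
```
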
Tags: hacking, Security
https://www.macobserver.com/link/35-companies-hacked-supply-chain/?utm_source=macobserver&utm_medium...