Tuesday, May 19, 2026

Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack

This is very nasty!

My impression is that law enforcement is doing too little about hackers, given all the bad news of all kinds of hacking incidents/crimes (stealing software, deleting data, extortion etc. etc.) in recent times!

"... On Tuesday, cybersecurity firms StepSecurity and SafeDep warned of the latest wave of supply-chain attacks, which aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users downstream. 

According to SafeDep, hackers took over the account of one developer and released over 630 malicious versions across 317 packages in about 20 minutes. The goal of the attack is to steal credentials for various services, including password managers, as a way to steal data and continue spreading the malware. 

Among the packages that the hackers compromised is Antv, a library made by Alibaba. In some cases, the hackers published malicious updates on GitHub, according to JFrog Security. ..."

Source: Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack | TechCrunch
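The pattern the quoted report describes (one hijacked maintainer account pushing hundreds of versions across hundreds of packages in roughly twenty minutes) is something a registry or a downstream consumer can detect from publish metadata alone. The script below is an added example written for this post, not code from TechCrunch, StepSecurity, SafeDep or JFrog; it runs a sliding time window over a constructed list of publish events and flags any publisher whose burst of new versions spans more than a few distinct packages. The package names, the account names and the thresholds (window length, minimum versions, minimum packages) are assumptions chosen for illustration.

```python
"""Flag burst publications by a single publisher across many packages.

Added example (not from the article): a simple anomaly check for the
account-takeover pattern in the report, where one maintainer account
releases a flood of new versions across many packages in a short window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample publish events: (package, version, publisher, UTC timestamp).
# Names are placeholders, not real packages or accounts.
EVENTS = [
    ("lib-alpha", "1.4.2", "pkg-maintainer", "2026-05-19T10:00:05Z"),
    ("lib-beta", "2.0.1", "pkg-maintainer", "2026-05-19T10:00:31Z"),
    ("lib-gamma", "0.9.8", "pkg-maintainer", "2026-05-19T10:01:02Z"),
    ("lib-alpha", "1.4.3", "pkg-maintainer", "2026-05-19T10:01:40Z"),
    ("lib-delta", "3.2.0", "pkg-maintainer", "2026-05-19T10:02:15Z"),
    ("lib-beta", "2.0.2", "pkg-maintainer", "2026-05-19T10:02:58Z"),
    # A normal release cadence from another account: two versions, days apart.
    ("tool-one", "5.1.0", "other-dev", "2026-05-17T08:12:00Z"),
    ("tool-one", "5.1.1", "other-dev", "2026-05-19T09:30:00Z"),
]


def parse_ts(ts: str) -> datetime:
    """Parse the registry-style 'YYYY-MM-DDTHH:MM:SSZ' timestamp (assumed format)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_publish_bursts(events, window=timedelta(minutes=20),
                        min_versions=5, min_packages=3):
    """Return one alert per publisher whose densest publish window exceeds thresholds.

    Each alert records the publisher, how many versions and distinct packages
    fell inside the window, and the window's start and end timestamps.
    The thresholds are illustrative defaults, not values from the report.
    """
    by_publisher = defaultdict(list)
    for pkg, ver, who, ts in events:
        by_publisher[who].append((parse_ts(ts), pkg, ver))

    alerts = []
    for who, evs in by_publisher.items():
        evs.sort()  # chronological order so the sliding window is valid
        start = 0
        best = None
        for end in range(len(evs)):
            # Shrink the window from the left until it fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            packages = {pkg for _, pkg, _ in span}
            if len(span) >= min_versions and len(packages) >= min_packages:
                candidate = {
                    "publisher": who,
                    "versions": len(span),
                    "packages": len(packages),
                    "start": evs[start][0],
                    "end": evs[end][0],
                }
                # Keep the densest window seen for this publisher.
                if best is None or candidate["versions"] > best["versions"]:
                    best = candidate
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in find_publish_bursts(EVENTS):
        print(f"{alert['publisher']}: {alert['versions']} versions across "
              f"{alert['packages']} packages between {alert['start']} and {alert['end']}")
```

Run against the constructed events, the check reports only `pkg-maintainer` (six versions over four packages in under three minutes) and stays silent on `other-dev`. In practice the same logic would be fed from a registry's publish log or a lockfile diff, and a hit would be a reason to hold the affected versions back from CI until a human confirms the releases were intentional.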
