Summary

Top Articles:

  • PyTorch compromised to demonstrate dependency confusion attack on Python environments
  • Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain
  • Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya
  • Microsoft, CISA and NSA offer security tools and advice, but will you take it?
  • Google confirms that advanced backdoor came preinstalled on Android devices

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

🤖: ""JS attack detected""

Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over 380,000 internet-exposed hosts are still referencing the malicious polyfill.io domain. The polyfill.io domain was suspended last week following multiple reports of malicious activity. The domain Polyfill.io was used to host JavaScript code that added modern […]

...more

PyTorch compromised to demonstrate dependency confusion attack on Python environments

Threat actors compromised the PyTorch Machine Learning Framework by adding a malicious dependency. The maintainers of the PyTorch package warn of a supply chain attack. Users who have installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, to uninstall it and use the latest binaries. “If you installed PyTorch-nightly on […] The post PyTorch compromised to demonstrate dependency confusion attack on Python environments appeared first on Security Affairs.

...more

Microsoft, CISA and NSA offer security tools and advice, but will you take it?

Microsoft, CISA, and the NSA are individually offering tools and advice that aim to improve security for organizations. But will the targeted audience have the time and resources to accept that help? Categories: Opinion Tags: cisaEMemergency mitigation serviceEOLexchangeinsider risk mitigation self-assessment toolinsider threatmicrosoftNSAnsssupply chain attackvpn (Read more...) The post Microsoft, CISA and NSA offer security tools and advice, but will you take it? appeared first on Malwarebytes Labs.

...more

Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya

Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management […] The post Approximatively 1,500 businesses impacted by the ransomware attack that hit Kaseya appeared first on Security Affairs.

...more

Google confirms that advanced backdoor came preinstalled on Android devices

Published: 2019-06-06 20:47:20

Popularity: None

Author: Dan Goodin

Keywords:

  • Biz & IT
  • android
  • backdoor
  • google
  • malware
  • supply chain attack
  • After Google successfully beat back Triada in 2017, its developers found a new way in.

    ...more

    end