A mysterious hacking group has compromised the server infrastructure of a popular Android emulator and has delivered malware to a handful of victims across Asia in a highly-targeted supply chain attack. ZDNet reports: The attack was discovered by Slovak security firm ESET on January 25, last week, and targeted BigNox, a company that makes NoxPlayer, a software client for emulating Android…
Tag: supply chain attack
Sealed US Court Records Exposed In SolarWinds Breach
An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The…
CISA Updates SolarWinds Guidance, Tells US Govt Agencies To Update Right Away
The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack. From a report: In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that…
Vietnam Targeted in Complex Supply Chain Attack
A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. From a report: The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates…
Why The ASUS Supply Chain Hack Is a Big Deal
Last week, Motherboard revealed that hackers had broken into the servers that belong to ASUS, the Taiwanese computer giant. Once inside, the hackers pushed out a malicious update signed with a legitimate digital certificate to thousands of ASUS customers. Kaspersky Lab, which discovered the attack, estimates that around 500,000 people received this update. The hackers,… Continue reading Why The ASUS Supply Chain Hack Is a Big Deal