supply chain

Pierluigi Paganini April 04, 2023
3CX Supply chain attack allowed targeting cryptocurrency companies

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]

Pierluigi Paganini March 30, 2023
3CX voice and video conferencing software victim of a supply chain attack

Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular software as […]

Pierluigi Paganini May 12, 2021
How Companies Need to Treat User Data and Manage Their Partners

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to.  Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. As per these regulations, organizations can be held responsible […]

Pierluigi Paganini August 01, 2019
MICROCHIPS Act aims at improving tech supply chain

MICROCHIPS Act (S. 2316) – Two US Senators have introduced a bill to protect US government supply chain against foreign sabotage and cyber espionage. Two US senators have introduced legislation a bill, dubbed Manufacturing, Investment and Controls Review for Computer Hardware, Intellectual Property and Supply ACT (MICROCHIPS Act – S. 2316) that aims at protecting […]

Pierluigi Paganini March 31, 2019
Experts released the List of ~600 MAC addresses hit in ASUS hack

Experts at Skylight Cyber released the list of 600 MAC addresses used threat actors behind Operation ShadowHammer to target ASUS customers. Skylight Cyber released the list of 583 MAC addresses used threat actors behind Operation ShadowHammer to target ASUS customers. Over 1 million ASUS users may have been impacted by a supply chain attack that […]

Pierluigi Paganini September 17, 2018
EOSBet Gambling application hacked, crooks stole $200,000 worth of EOS

The gambling application EOSBet was affected by a vulnerability in its smart contract system that has been exploited by attackers to steal $200,000 worth of EOS. The security breach was first reported by the member “thbourlove” of the EOSBet Reddit community that shared the code used to exploit the flaw. After seeing the exploit code, the EOSBet’s official Reddit account […]

Pierluigi Paganini July 28, 2018
Microsoft revealed details of a supply chain attack at unnamed Maker of PDF Editor

Microsoft revealed that hackers attempted to compromise the supply chain of an unnamed maker of PDF software. The attackers compromised a font package installed by a PDF editor app and used it to spread a crypto-mining malware on victims’ machines. The attack was discovered by the experts from Microsoft that received alerts via the Windows […]

Pierluigi Paganini September 22, 2017
CCleaner hackers targeted tech giants with a second-stage malware

The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a […]

Pierluigi Paganini August 20, 2017
Hackers can completely hijack a mobile device via replacement of a touchscreen

Hackers can hijack mobile devices by hiding malicious chips in a touchscreen and other components that are replaced. According to a team of researchers at the Ben-Gurion University of the Negev, this technique can give hackers complete control over the device. “Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, […]

Pierluigi Paganini August 16, 2017
ShadowPad backdoor was spread in corporate networks through software update mechanism

Kaspersky Lab discovered attackers were able to modify the NetSarang software update process to include a malware tracked as ShadowPad backdoor. Software update mechanism could be an efficient attack vector, news of the day is that hackers compromised the update process for a popular server management software package developed by NetSarang. Attackers were able to […]