What happened with Vue.js framework should act as a cautionary tale for developers and security leads in development environments. Immediately addressed by users of Snyk, the node-ipc maintainer, RIAEvangelist, made a stunning statement about supply chain attacks in the industry. In a month where cybersecurity professionals have been expecting foreign attacks to reach their perimeters, it seems that a supply chain attack has compromised two modules from the Vue.js JavaScript framework. 🔸 Secret Knowledge: Malware Detection & Linux Security
🔸 News Bytes: NPM compromise, another Wiper in Ukraine and more 🔸 MITRE ATT&CK – System Information Discovery 🔸 How to Use Wireshark at Enterprise Level 🔸 Turning Read to Write Permissions with Dirty Pipe
In an effort to give you something that will be useful for Monday morning, we have also included a few tools for malware detection and Linux security. This week, we're turning our coverage towards a developer intentionally disrupting the NPM supply chain, how to use the MITRE ATT&CK framework, and how to get the most out of Wireshark. Ransomware is still spreading across the US and Europe, making people like the SecPro readership the first line of defense against international criminal gangs and suspected nation state-level threats.īut while we all sit with shields up, ready for the next threat, conferences are still going on and security researchers are still doing what they do. New critical vulnerabilities in Linux, Veeam, and other programs means that is has been a busy week for many people. Despite continued cyberwar raging on an intercontinental level, most cybersecurity professionals have had to continue getting on with their life as normal.
0 kommentar(er)
