supply chain

Code Tutorials Spread Application Flaws Far and Wide

In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.

A hidden, backdoor account affects a line of VoIP gateways made by DblTek, researchers from TrustWave found. (Image courtesy of DblTek.)

Dbl Trouble: Fix Falls Short for Backdoor in China-Made Devices

In-brief: A hidden, backdoor account affects a line of VoIP gateways made by DblTek, researchers from TrustWave found. The manufacturer's fix, however, may not solve the problem.

Combustible Hoverboards to Hackable Cameras – it's the Supply Chain, Stupid | Quartz

In-brief: An article in Quartz finds a common theme in stories about the massive denial of service attacks from IoT botnets and exploding hover boards: a sketchy global supply chain.

Cyber criminals are rushing to compromise weakly secured devices like cameras and digital video recorders. (Image courtesy of OKhistory.org)

Land Rush: Race is On To Hack Vulnerable IoT Devices

In-brief: Cyber criminal groups are racing to gain control over a population of insecure “Internet of Things” devices, with new malware families targeting embedded devices appearing at a steady rate and a noticeable uptick in so-called “brute force” password guessing attacks against embedded systems.

Hardware and software from the Chinese supplier XiongMai Technologies were exploited to create the massive Mirai botnet, according to an analysis by the firm Flashpoint. (Image courtesy of Shodan)

Shoddy Supply Chain Lurks Behind Mirai Botnet

In-brief: A China-based supplier of management software is the common thread that ties together the myriad digital video recorders, IP-based cameras and other devices that make up the Mirai botnet, according to analysis by the firm Flashpoint.