supply chain

code on a monitor

Code Tutorials Spread Application Flaws Far and Wide

In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.

VoiP Router

Dbl Trouble: Fix Falls Short for Backdoor in China-Made Devices

In-brief: A hidden, backdoor account affects a line of VoIP gateways made by DblTek, researchers from TrustWave found. The manufacturers fix, however, may not solve the problem. 

Combustible Hoverboards to Hackable Cameras – its the Supply Chain, Stupid | Quartz

In-brief: An article in Quartz finds a common theme in stories about the massive denial of service attacks from IoT botnets and exploding hover boards: a sketchy global supply chain.

Land Rush: Race is On To Hack Vulnerable IoT Devices

In-brief:Cyber criminal groups are racing to gain control over a population of insecure “Internet of Things” devices, with new malware families targeting embedded devices appearing at a steady rate and a noticeable uptick in so-called “brute force” password guessing attacks against embedded systems. 

Shoddy Supply Chain Lurks Behind Mirai Botnet

In-brief: A common, China-based supplier of management software is the common thread that ties together the myriad digital video recorders, IP-based cameras and other devices that make up the Mirai botnet, according to analysis by the firm Flashpoint.