Malicious Python Packages Target Crypto Wallet Recovery Passwords

A newly discovered campaign pushing malicious open source software packages is designed to steal mnemonic phrases used to recover lost or destroyed crypto wallets, according to a report by ReversingLabs.

Researcher: malicious packages lurked on npm for months

Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat.

Report: Digital Supply Chain Breaches Impact 98% of Organizations

Results from a survey of 2,000 enterprises found increasing supply chain risk, with 98% of respondents reporting that they had been “negatively impacted” by a breach in their supply chain.

Supply Chain Hackers LofyGang Behind Hundreds of Malicious Packages

Researchers at Checkmarx say that a cybercriminal group, LofyGang, has targeted the open-source supply chain with hundreds of malicious packages to steal credit card information, stream accounts, and promote hacking tools.

Episode 232: Log4j Won’t Go Away (And What To Do About It.)

In this episode of the podcast (#232), Tomislav Peričin of the firm ReversingLabs joins us to talk about Log4Shell, the vulnerability in the ubiquitous Log4j Apache library. Tomislav tells us why issues related to Log4j won’t be going away anytime soon and how organizations must adapt to deal with the risk it poses.