
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firms find themselves especially exposed.

Source: Ars Technica

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions. Now it has been hit by a ransomware attack from prolific fame-seeking hackers.

The streak of misfortunes started on March 19, with the supply-chain attack on Trivy, a widely used vulnerability scanner. The attackers first breached the Trivy GitHub account and then used their access to push malware to Trivy users, one of whom was Checkmarx. The pushed malware scoured infected machines for repository tokens, SSH keys, and other credentials.

Both a target and delivery mechanism

Four days later, Checkmarx’s GitHub account was compromised and began pushing malware to the security firm’s users. The company contained and remediated the breach and replaced the malware with the legitimate apps. Or so Checkmarx thought.
