supply chain attack Archives - Developer Tech News

Visual Studio Marketplace is the latest supply chain attack vector

Ryan Daws — Mon, 09 Jan 2023 14:14:15 +0000

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks. In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions. VS Code is the most popular IDE, with around 74.48 percent of developers using it. The... Read more »

The post Visual Studio Marketplace is the latest supply chain attack vector appeared first on Developer Tech News.

Large-scale supply chain attack used 218 malicious NPM packages

Ryan Daws — Thu, 24 Mar 2022 14:32:40 +0000

A large-scale supply chain attack has been uncovered that used 218 malicious NPM packages. Researchers from JFrog claim that several of their automated analysers started throwing up alerts regarding a set of packages in the npm registry earlier this week. Over a few days, the number of packages swelled from around 50 packages to more... Read more »

The post Large-scale supply chain attack used 218 malicious NPM packages appeared first on Developer Tech News.

Checkmarx acquires Dustico in wake of increasing supply chain attacks

Ryan Daws — Fri, 06 Aug 2021 12:38:38 +0000

Developer-centric app security testing (AST) firm Checkmarx has acquired Dustico to help counter the increasing threat of supply chain attacks. “We’re thrilled to welcome Dustico and its team to Checkmarx as the Israeli tech ecosystem continues to push the boundaries of cybersecurity innovation and talent,” said Emmanuel Benzaquen, CEO, Checkmarx. “Blending Dustico’s differentiated approach to... Read more »

The post Checkmarx acquires Dustico in wake of increasing supply chain attacks appeared first on Developer Tech News.

Google’s latest framework aims to prevent SolarWinds-like supply chain attacks

Ryan Daws — Fri, 18 Jun 2021 15:18:50 +0000

Google has unveiled a new framework called Supply chain Levels for Software Artifacts, or SLSA (pronounced “salsa”). The intention of SLSA is to help prevent the growing number of devastating supply chain attacks in recent years—such as the SolarWinds and CodeCov hacks. Google describes SLSA as “an end-to-end framework for ensuring the integrity of software... Read more »

The post Google’s latest framework aims to prevent SolarWinds-like supply chain attacks appeared first on Developer Tech News.