OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.
The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
December 14, 2021
Attackers most likely linked to Iran have attacked a string of telecoms operators in the Middle East and Asia over the past six months, in addition to a number of IT services organizations and a utility company. Organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos were targeted in the ...
- Suspected Russian Activity Targeting Government and Business Entities Around the Globe
December 8, 2021
As the one-year anniversary of the discovery of the SolarWinds supply chain compromise passes, Mandiant remains committed to tracking one of the toughest actors we have encountered. These suspected Russian actors practice top-notch operational security and advanced tradecraft. However, they are fallible, and we continue to uncover their activity and learn from their mistakes. Ultimately, ...
- IKEA email systems hit by ongoing cyberattack
November 26, 2021
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. A reply-chain email attack is when threat actors steal legitimate corporate email and then reply to them with links to malicious documents that install malware on recipients’ devices. As the reply-chain emails are legitimate emails from a ...
- UK Labour Party data breach: Supporters’ details affected in cyberattack
November 3, 2021
The Labour Party has confirmed that details of its members and supporters is among information affected by a “cyber incident” at a company which handles the party’s data. In a statement sent to all party members on Wednesday, Labour said the “significant” attack was on “‘a third party that handles data on our behalf” and that ...
- Cybercriminals sell access to international shipping, logistics giants
November 2, 2021
Cybercriminals are offering initial access for networks belonging to key players in global supply chains, researchers warn. On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious ...
- US and EU to cooperate on tech standards, supply chain security and tech development
September 30, 2021
The United States and the European Union have started work on coordinating approaches across various technology areas, including AI and semiconductors, and tackling non-market policies that result in the misuse of technology. The plan was created on Wednesday after US and EU representatives, including US President Joe Biden and European Commission Vice Presidents Valdis Dombrovskis and ...