OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.
The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DarkHalo after SolarWinds: the Tomiris connection
September 29, 2021
In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims. It is believed that when FireEye ...
- SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
September 28, 2021
The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center (MSTIC) have observed the APT it calls Nobelium using a post-exploitation backdoor dubbed FoggyWeb, to attack Active Directory Federation Services (AD FS) servers. AD ...
- CISA: Sharing Information To Get Ahead Of Supply Chain Risks
September 21, 2021
The increase in digitization and use of information and communications technology (ICT) has improved ability of many companies to provide National Critical Functions. ICT enables access to real-time information, remote entry to networks, instant communication, and so much more. At the same time, nation-states seeking to cause harm to the United States (i.e., espionage or ...
- DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices
July 30, 2021
The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. “The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020,” the DOJ said ...
- Kaseya claims SaaS restoration going swimmingly
July 12, 2021
Beleaguered IT management firm Kaseya says sixty per cent of its SaaS services have been successfully restored. An update to the firm’s advisory regarding the attack on its VSA product, time-stamped 10:00PM Eastern Daylight Time (EDT) on July 11th, states: “The restoration of services is progressing according to plan, with 60% of our SaaS customers live ...
- CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
July 4, 2021
CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below. CISA and FBI recommend affected MSPs: Download the Kaseya ...