OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.
The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- House Passes Bill Expanding DHS’ Power to Block Risky Contractors from Government Networks
September 5, 2018
The House passed legislation Tuesday that would dramatically broaden the Homeland Security Department’s power to block contractors and subcontractors that officials determine present cybersecurity and national security risks to the department’s technology supply chain. The bill, which is modeled on an authority already granted to the Defense Department, comes after Congress took action in the past ...
- Pentagon Circulates Software ‘Do Not Buy’ List
July 30, 2018
The US Department of Defence has begun circulating a “do not buy” list of software it considers to have Russian and Chinese connections, in the country’s latest tightening of restrictions on foreign tech influence. The Chinese and Russian governments have called previous US restrictions on companies such as Russian security software firm Kaspersky Lab and Chinese telecoms equipment ...
- Microsoft says: Lock down your software supply chain before the malware scum get in
May 5, 2017
Microsoft’s security team is urging developers to shore up their software update systems – after catching miscreants hijacking an editing application’s download channels to inject malware into victims’ PCs. In a security advisory, Redmond’s infosec gurus describe Operation WilySupply: their mission to find, isolate and destroy an unusual and highly targeted form of malicious code that ...