supply chain

Avast fends off hacker who breached its internal network in copycat CCleaner attack

Czech anti-virus firm Avast has been targeted for a second time by hackers seemingly attempting to plant malware inside a malicious CCleaner update.

Oh, the irony… Malware spread via Best of the Web security seals

The very thing that websites were using to reassure you that they were secure… was insecure, and putting website visitors’ personal data at risk.

Asus pushes out urgent security update after its own automatic Live Update tool was hacked

Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus’s own Live Update software tool.

Read more in my article on the Tripwire State of Security blog.

Supermicro says independent investigation found no spy chips on its motherboards

An independent audit has found no evidence that malicious chips were planted on Supermicro’s motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.

StatCounter web analytics script poisoned to steal Bitcoins

Security researchers at ESET discovered that hackers managed to compromise StatCounter and change the analytics script used by hundreds of thousands of websites.

Department of Homeland Security and GCHQ back Apple and Amazon’s denials they were hacked by China

The US Department of Homeland Security and UK’s GCHQ have rallied behind the vigorous denials issued by Amazon and Apple, after Bloomberg BusinessWeek reported China had planted malicious computer chips on systems used by the tech giants.

China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards

An extraordinary report released by Bloomberg BusinessWeek claims that China has been exploiting the supply chain, planting a tiny microchip on servers which ended up in the server rooms of almost 30 companies, including the likes of Apple and Amazon.

Robotics supplier’s sloppy security leaks ten years’ worth of data from major car manufacturers

Security researchers have discovered 157 gigabytes of sensitive data from over 100 manufacturing companies left exposed online for anyone to access.

Supply chain attack inserted backdoor into popular server management software

A supply chain attack is believed to have been responsible for surreptitiously inserting a backdoor into widely used server management software.

David Bisson reports.