Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies

The Hacker News Daily Updates [Newsletter]( [cover]( [IT Leadership Playbook]( Get in the (IT) Game [Download Now]( Sponsored LATEST NEWS Feb 11, 2021 [The Weakest Link in Your Security Posture: Misconfigured SaaS Settings]( In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today's company security. Recently Malwarebytes released a ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities]( Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Poor Password Security Led to Recent Water Treatment Facility Hack]( New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach, which occurred last Friday, involved an unsuccessful attempt on ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies]( UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies]( In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [IT Leadership Playbook]( Get in the (IT) Game [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India