GitHub Developers Hit in Complex Supply Chain Cyberattack

The attacker employed various techniques, including distributing malicious dependencies via a fake Python infrastructure linked to GitHub projects. [TechWeb]( Follow Dark Reading: [RSS]( March 25, 2024 LATEST SECURITY NEWS & COMMENTARY [GitHub Developers Hit in Complex Supply Chain Cyberattack]( The attacker employed various techniques, including distributing malicious dependencies via a fake Python infrastructure linked to GitHub projects. [Russian APT Releases More Deadly Variant of AcidRain Wiper Malware]( New AcidPour variant can attack a significantly broader range of targets including IoT devices, storage area networks, and handhelds. [Apple Stingy With Details About Latest iOS Update]( The security update comes just weeks after the release of iOS 17.4, but Apple has not included CVEs or information about the fixes. [Kenya to TikTok: Prove Compliance With Our Privacy Laws]( Beleaguered social media platform now faces scrutiny by the Kenyan government over cybersecurity and data privacy. [8 Strategies for Enhancing Code Signing Security]( Strong code-signing best practices are an invaluable way to build trust in the development process and enable a more secure software supply chain. [Japan Runs Inaugural Cyber Defense Drills with Pacific Island Nations]( Kiribati, the Marshall Islands, Micronesia, Nauru, and Palau participate in the cybersecurity exercise held in Guam. [(Sponsored Article) On Whose Account? Challenges in Securing Non-Human Identities]( Service accounts, API keys, and OAuth tokens are a growing attack vector for cybercriminals looking to penetrate organizations' defenses. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Ivanti Keeps Security Teams Scrambling With 2 More Vulns]( Since the beginning of this year, the company has disclosed some seven critical bugs so far, almost all of which attackers have quickly exploited in mass attacks. [Cyber Warfare: Understanding New Frontiers in Global Conflicts]( An arms race is developing between those using technology to target adversaries and those using it prevent attacks from succeeding. [The New CISO: Rethinking the Role]( Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step. [Changing Concepts of Identity Underscore 'Perfect Storm' of Cyber-Risk]( Forgepoint Capital's Alberto Yépez discusses how the concept of identity is changing: It doesn't just mean "us" anymore. [MORE]( PRODUCTS & RELEASES [Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients]( [Pathlock Introduces Continuous Controls Monitoring to Reduce Time and Costs]( [Akamai Research Finds 29% of Web Attacks Target APIs]( [Kaspersky Identifies Three New Android Malware Threats]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [NIST's Vuln Database Downshifts, Prompting Questions About Its Future]( NVD may be in peril, and while alternatives exist, enterprise security managers will need to plan accordingly to stay on top of new threats. LATEST FROM THE EDGE [AWS CISO: Pay Attention to How AI Uses Your Data]( Amazon Web Services CISO Chris Betz explains why generative AI is both a time-saving tool and a double-edged sword. LATEST FROM DR TECHNOLOGY [Using East-West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK]( Ensuring that traffic visibility covers both client-server and server-server communications helps NetOps teams analyze and spot potential threats early on, avoiding catastrophic effects. LATEST FROM DR GLOBAL [United Arab Emirates Faces Intensified Cyber-Risk]( The UAE leads the Middle East in digital-transformation efforts, but slow patching and legacy technology continue to thwart its security posture. WEBINARS - [Securing Code in the Age of AI]( - [Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The State of Incident Response]( - [Cheat Sheet - 5 Strategic Security Checkpoints]( - [Understanding Today's Threat Actors]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Causes and Consequences of IT and OT Convergence]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122323&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.25.24&sp_cid=52665&utm_content=DR_NL_Dark%20Reading%20Daily_03.25.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#81 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)