image credit: pexels
An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools.
The attack, devised by security researcher Alex Birsan, injects malicious code into common tools for installing dependencies in developer projects which typically use public depositories from sites like GitHub. The malicious code then uses these dependencies to propagate malware through a targeted company’s internal applications and systems.
Comments are closed.
