Introduction Orca Security has recently identified a design flaw in Google Cloud Build service, named "Bad.Build." This flaw poses a serious security risk as it enables attackers to execute Privilege Escalation, granting them unauthorized entry into Google's Artifact Registry's code repositories. The consequences of this vulnerability extend...
From 2019 to 2022, the average annual increase in software supply chain attacks exceeded 700%, a growing trend whose economic impact is expected to surpass 80 billion dollars in 2026. Recognizing the severity of this issue, the National Security Agency (NSA) and the Cybersecurity and...
This complexity means numerous avenues exist for attackers, including open-source software repositories. According to GitHub, 85-97% of enterprise codebases come from open-source repositories. Npm and PyPI repositories have seen a 300% increase in attacks over the past four years. For example, IconBurst is a prime illustration of today's...
Software Supply Chain Attacks Analysis 3CX is a well-known company providing VoIP and Unified Communications products. They claim to have over 600,000 installations and 12M daily users. Undoubtedly a tempting target for bad actors. By the end of March 3CX was attacked in a sophisticated software supply...
However, the software supply chain has become an increasingly popular target for cybercriminals seeking to infiltrate software and compromise its security. One of the methods used by attackers to achieve this is code tampering, which is the process of modifying a software's source code to...
As businesses increasingly rely on software to operate, the security of the software supply chain becomes more critical. A software supply chain is the process of creating and delivering software, from development to deployment. Insecure software can lead to significant data breaches, financial loss, and...
Software supply chain security is critical to the functioning and safety of all modern-day software. However, with the rapid growth of software development on GitHub, there is an increase in the risk of malware injection. Malware injection can cause data theft, system damage, and reputational...
Modern software development is a complex process that increasingly involves more actors and different components, highlighting the adoption of open source which now accounts for more than 3 billion component downloads in different repositories. The rate of code adoption is still growing at rates greater...
As a Chief Information Security Officer, CIO, or DevOps engineer, it's essential to ensure that your platform is correctly configured to deliver stable and reliable services to your users. However, misconfigurations can occur for various reasons, ranging from human error to changes in your infrastructure....
Continuous integration and continuous delivery (CI/CD) pipelines are the foundation of any software organization that builds software in a "modern" way. Automation provides great power, but most developers miss the responsibility it entails. Developer: Yeah, we take CI/CD security seriously and have strong control on code maintainers, review...
Software technology evolved, and hackers evolved with it. The arms-race with bad actors was mostly restricted to vulnerabilities and attacks directed at the deployed software. Attacking the software supply chain, albeit not unseen, was not the primary target for the bad guys...
