All posts tagged: Supply chain security

CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks

CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers. The takedown operation had the goal of disrupting the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike. In recent months, several hacking groups have targeted developers and open source projects to push malicious software to companies and organizations that in turn use that software. These attacks can be effective because they exploit the trust that companies put into code that’s hosted on platforms like GitHub, and the workers behind that code. “Adversaries are no longer just targeting products, they’re targeting the developers who build them,” CrowdStrike wrote in its report about the takedown operation. “Developers represent uniquely high-value targets: compromising a single developer’s workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users.” The Glassworm hackers used several …

Netherlands blocks US takeover of vital digital supplier – POLITICO

In a letter to the national parliament published on Tuesday, State Secretary for Digital Economy Willemijn Aerdts said the national authority charged with screening investments had advised the government to block the acquisition. The purchase was seen as posing “a possible risk to the public interest.” The government on Monday decided to adopt the advice and block the acquisition, Aerdts said. “The Netherlands attaches great value to the presence of foreign, especially U.S.-based tech companies, and their added value to the Dutch economy and digital infrastructure, but it maintains, at the same time, an independent investment screening framework aimed at protecting the public interest and which applies equally to all investors, independent of their country of origin,” the letter read. The decision comes a week before the European Commission is set to unveil its tech sovereignty package, a set of proposals to reduce Europe’s reliance on foreign technology in the areas of cloud, microchips and AI. Kyndryl said in a statement it was “extremely disappointed” about the decision. “The politicization of this process has overshadowed …