InfoSec News Nuggets 05/23/2022

Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines

Security researchers at SentinelLabs are calling attention to a software supply chain attack targeting Rust developers with malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines. The campaign, dubbed CrateDepression, combines typosquatting and the impersonation of a known Rust developer to push a malicious ‘crate’ hosted on the Rust dependency community repository. (Editor’s note: A crate is a compilation unit in Rust). The malicious crate was…

InfoSec News Nuggets 04/13/2022

Sandworm hackers fail to take down Ukrainian energy provider

The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware. The threat actor used a version of the Industroyer ICS malware customized for the target high-voltage electrical substations and then tried…