Unpacking Axios – 400 million downloads. One Compromised Password
Impossible d'ajouter des articles
Échec de l’élimination de la liste d'envies.
Impossible de suivre le podcast
Impossible de ne plus suivre le podcast
Unpacking Axios – 400 million downloads. One Compromised Password
-
Lu par :
-
De :
À propos de ce contenu audio
On March 31st, Axios was compromised. Four hundred million monthly downloads. The HTTP library sitting inside almost every web application your clients use, depend on, or have had custom-built for them.
The attacker did not touch a single line of code. They hijacked the maintainer's credentials, slipped in one hidden dependency, and let your clients' own systems install the malware automatically during a routine update. It stole every credential it could find, cleaned up after itself, and left no trace. Three hours. Gone before most people woke up.
That attack did not come out of nowhere. This is the fifth attack in twelve days between TeamPCP and UNC 1069 (North Korea).
We wanted one person on The CyberCall this week: someone who spent two decades at Foundstone, Mandiant, and FireEye investigating exactly how these attacks unfold. This person then built Cylerian to ensure MSPs have the tools to stop them before the 2 a.m. call comes in. This week's special guest is Vijay Akasapu, CEO of Cylerian.
