Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations
Recently, a security researcher managed to breach the systems of over 35 tech companies in what has been described as a novel software supply chain attack.
By taking advantage of a concept known as dependency confusion (also called namespace confusion), security researcher and ethical hacker Alex Birsan pushed his proof-of-concept (PoC) counterfeit packages downstream, in an automated fashion, into the development environments of Microsoft, Uber, Tesla, Yelp and Shopify, among other tech firms.
Download this whitepaper to learn more about:
- What dependency confusion is;
- The reasons why this particular software supply chain attack had a high success rate;
- Why it was very hard to spot such an attack without Nexus Intelligence.