Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

Sonatype • February 24, 2021

Recently, a security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.

By taking advantage of a concept known as dependency confusion or namespace confusion, security researcher and ethical hacker Alex Birsan pushed his Proof-of-Concept (PoC) counterfeit packages downstream in an automated fashion to the development environments of Microsoft, Uber, Tesla, Yelp and Shopify, among other tech firms.

Download this whitepaper to learn more about:

What dependency confusion is;
The reasons why this particular software supply chain attack had a high success rate;
Why it was very hard to spot such an attack without Nexus Intelligence.

Previous
Safely Returning to the Workplace

Next
Blocking: The Key to Minimizing Risk of Namespace Confusion

Around the Network

Evolving Threats Facing Robotic and Other Medical Gear

Why Health Firms Struggle with Cybersecurity Frameworks

Identity Security and How to Reduce Risk During M&A

How 'Security by Default' Boosts Health Sector Cybersecurity

Medical Device Cyberthreat Modeling: Top Considerations

Safeguarding Critical OT and IoT Gear Used in Healthcare

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Protecting Medical Devices Against Future Cyberthreats

Is It Generative AI's Fault, or Do We Blame Human Beings?

Transforming a Cyber Program in the Aftermath of an Attack

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.