Security firm Checkmarx has endured a relentless six-week streak of cyberattacks, including two supply-chain incidents and a recent ransomware strike. The attacks, which exploited compromised GitHub accounts, targeted both Checkmarx and its customers.
Timeline of the Attacks
The first incident occurred on March 19, 2024, when attackers breached the GitHub account of Trivy, a widely used vulnerability scanner. The hackers then pushed malware to Trivy users, including Checkmarx. The malware was designed to harvest repository tokens, SSH keys, and other sensitive credentials from infected machines.
Four days later, on March 23, 2024, Checkmarx’s own GitHub account was compromised. The attackers used this access to push malware to the security firm’s users. Checkmarx claims to have contained and remediated the breach, replacing the malicious files with legitimate applications.
Ransomware Strike Follows Supply-Chain Attacks
Now, Checkmarx has been hit by a ransomware attack attributed to a prolific hacking group seeking notoriety. The timing of this attack has raised concerns about the firm’s security posture and the effectiveness of its remediation efforts.
Impact on Customers
The supply-chain attacks exposed Checkmarx’s customers to significant risks, including credential theft and potential unauthorized access to sensitive data. While Checkmarx has stated that it contained the breaches, the incidents highlight the growing threat of supply-chain attacks targeting security firms.
Related articles
Fired IT Workers Accidentally Record Own Database Sabotage via Active Teams Call
Perhaps you remember Muneeb and Sohaib Akhter, the 34-year-old twin brothers we profiled earlier this week. Although they had the tech chops to commit...
OpenAI Launches Mobile Access to Codex for Coding Projects On-the-Go
The integration allows you to keep tabs on your coding projects on the go.
Windows 11 BitLocker Bypassed by Zero-Day Exploit 'YellowKey' in Seconds
A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain compl...
Esports World Cup Relocates from Riyadh to Paris Amid Middle East Uncertainty
Uncertainty in the Middle East is apparently forcing the location change.
OpenAI Confirms No User Data Accessed in ChatGPT Mac App Security Breach
OpenAI found no evidence that user data was accessed.
Windows Update to Automatically Roll Back Faulty Drivers Soon
The company is also trying to prevent driver problems before they happen with a new initiative.
Apple Supports Google Against EU’s Android AI Mandate, Citing Privacy Risks
The company agrees with Google that it would put European users' privacy and safety at risk.
Meta Employees Protest AI Training Using Mouse Tracking Data
Last month, it said it would use employees' mouse movements and keystrokes to train AI models.