Published on February 10th, 2021 📆 | 8483 Views ⚑0
Microsoft, Uber And Tesla Amongst Tech Companies Vulnerable To New Automated Supply Chain Attack – Expert Insight
A novel form of software supply chain attack has been uncovered by ethical hacker Alex Birsan, who managed to breach the systems of over 35 major tech companies, including Microsoft, Uber and Tesla, by taking advantage of a concept known as dependency confusion.
The new attack vector is particularly worrying as, unlike traditional typosquatting or brandjacking supply chain attacks, the targeted companies automatically downloaded the malicious packages and the breach did not require social engineering or human error to infiltrate private repositories.
originally appeared on Source link