Codecov Affected by Supply-Chain Attack; Notifies Customers
Microsoft Warns of 25 Critical Memory-Allocation Vulnerabilities in IoT Devices
Babuk Gang to Focus on Data-Theft Extortion instead of Ransomware
Information of 22 Million ParkMobile Customers Released for Free on Hacking Forum
Musical Instrument Marketplace Reverb Discloses Data Breach
Code coverage and software auditing company Codecov recently suffered a supply-chain attack in which a threat actor gained access to its Bash Uploader script and altered it to exfiltrate sensitive information from customer environments. The attacker obtained the credentials needed to modify the script by taking advantage of weaknesses in Codecov’s Docker image creation process.
Codecov discovered the compromise on April 1 and began notifying affected customers and providing IOCs on April 30. However, the investigation shows that the attack began, unnoticed, in late January. U.S. federal authorities have also now joined the investigation. Hundreds of cust