6 Year Old Sleeper Attack Uncovered, Fake Bank Draft Scam, and Signal Tool Breach

May 07, 2025 (9 min)

Episode description

In this episode of Cybersecurity Today, host Jim Love delves into a range of alarming cyber incidents. A six-year sleeper supply chain attack has compromised thousands of e-commerce websites, exploiting vulnerabilities in Magento extensions from vendors Tigren, Meetanshi, and Magesolution. Russian-controlled open-source tool Easy JSON raises scrutiny over potential threats in critical sectors like defense and finance. In Ontario, a sophisticated bank draft scam costs a business $108,000, emphasizing the need for verification processes. Additionally, a messaging tool used by the Trump administration to archive Signal messages has been hacked twice, highlighting serious concerns over the security of high-level US communications. Stay tuned for the latest insights and expert advice on maintaining cybersecurity.

00:00 Sleeper Supply Chain Attack Activates After Six Years
02:19 Russian Controlled Open Source Tool Raises Alarms
04:32 Fake Bank Draft Fools the Bank
05:56 Signal Archiving Tool Breached
08:33 Conclusion and Contact Information

Transcript

Sleeper supply chain attack activates after six years. Russian-controlled open source tool raises alarms over US cybersecurity. A fake bank draft fools the bank. And a Signal archiving tool used by the Trump admin is breached, raising alarms over messaging security. This is Cybersecurity Today.

I'm your host, Jim Love. A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21 Magento extensions from the vendors Tigren, Meetanshi, and Magesolution (MGS).

Security firm Sansec discovered the attackers had injected backdoors into these extensions as early as 2019, with the malicious code remaining dormant until activated in April 2025. The backdoor allows remote code execution, enabling attackers to upload and execute arbitrary PHP code on affected servers. The compromised extensions include Tigren's Ajax Suite, Ajax Cart, and MultiCOD; Meetanshi's Cookie Notice, Currency Switcher, and Defer JS; and MGS's Lookbook, Store Locator, and GDPR modules.

The backdoor operates through a malicious license check in files named license.php or licenseApi.php, which execute attacker-controlled code via functions like adminLoadLicense. Earlier versions required no authentication, while later versions used hardcoded keys for access. Sansec advises merchants using these extensions to audit their installations immediately. Affected files should be removed and servers should be scanned for additional malware.

Restoring from clean backups is recommended to ensure system integrity. This incident is just another in a series that underscores the importance of supply chain security and the need for vigilant monitoring of third-party software components. In a similar story, a widely used open source Go library, Easy JSON, used in healthcare, finance, and even defense, has come under scrutiny after cybersecurity firm Hunted Labs revealed its deep ties to a sanctioned Russian company, the VK Group.

The tool, integral to numerous US government and enterprise systems, is maintained by developers based in Moscow, raising concerns about potential exploitation by Russian state actors. Easy JSON is a JSON serialization library for the Go programming language, employed extensively across cloud-native infrastructures. Hunted Labs' investigation uncovered that the library is hosted on GitHub under Mail.ru, a subsidiary of VK Group, whose CEO, Vladimir Kiriyenko, is sanctioned by the US and the EU.

While no vulnerabilities have been detected, the potential for future compromise is significant. Given the library's pervasive use in critical sectors like defense, finance, and healthcare, experts warn that Easy JSON could serve as a sleeper cell enabling supply chain attacks, data exfiltration, or system disruptions if it were manipulated. Its integration into essential tools like Kubernetes, Prometheus, and Grafana amplifies the risk, as any compromise could cascade through dependent systems.

The situation underscores the need for heightened vigilance in assessing the provenance of open source software modules. Organizations are advised to audit their dependencies, consider forking critical libraries to ensure control, and implement robust monitoring to detect anomalous activities. As the open source ecosystem remains a cornerstone of modern infrastructure, ensuring its integrity is paramount to national and organizational security.

Now, just how this tool can be replaced is going to be no easy feat, given how prevalent it is in so many open source packages and tools. A small business in Ontario, Canada, has fallen victim to a sophisticated bank draft scam, losing $108,000 after accepting what appeared to be a legitimate payment for construction equipment. The fraudulent draft was so convincing that even a bank teller at the company's bank initially deemed it authentic.

The scam involved a buyer presenting a counterfeit bank draft to purchase the equipment. Believing the draft to be genuine, the business released the machinery. It wasn't until later that the bank that supposedly issued the draft identified it as a fake, by which time the buyer had vanished with the equipment. Fortunately, the company's insurance company honored this as theft, and the company got its money back.

The incident underscores the increasing sophistication of financial scams targeting businesses. Experts advise that when dealing with large transactions, sellers should verify bank drafts directly with the issuing bank before releasing the goods. Additionally, waiting for the draft to clear fully could provide an extra layer of security against such fraudulent activities.

And while this isn't strictly a cybersecurity issue, it might behoove our CISOs to have a quick chat with the CFO about this and other types of fraud that are increasingly attacking the finance functions.

If you thought that the scandal about the Signal tool being used by the US Department of Defense couldn't go any further, it turns out that a messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked twice, forcing its suspension and raising new concerns over high-level US communications and how they're being protected.

TeleMessage, an Israel-based tool used by government agencies to archive encrypted messages from platforms like Signal, Telegram, and WeChat, has shut down its services after two hackers separately claimed to have breached the system. The company confirmed it's investigating a potential security incident and suspended operations out of an abundance of caution, according to a spokesperson for Smarsh, which owns the app.

The breach came to light after Reuters published a photo of then National Security Advisor Mike Waltz using TeleMessage on a Signal-like interface. Days later, 404 Media reported a hacker accessed TeleMessage's backend in about 15 to 20 minutes, gaining access to names and contact details of US officials, internal credentials, and client indicators. A second hacker reportedly told NBC News they independently accessed and downloaded a large cache of files.

Screenshots from April preserved by the Internet Archive show that TeleMessage's now-defunct website previously advertised support for archiving messages from Signal, Telegram, and WeChat. Today, those pages redirect to a placeholder homepage, removing any mention of those services. But the problems with TeleMessage are not new. Security experts have long questioned TeleMessage's approach.

The tool appeared to bypass Signal's end-to-end encryption, designed so messages are readable only by the sender and receiver, by storing copies of those messages for later retrieval. That process, critics warned, could undermine the core security that Signal was built to protect. Now, it makes you wonder who, if anyone, is actually advising the most senior members of the Trump cabinet on security. Either that person or persons are incompetent, or they've been overruled. If they need someone good, I hear Chris Krebs is free and apparently not afraid to speak truth to power.

And that's our show. Love to hear your comments. You can reach me at [email protected] or on LinkedIn, and if you're watching this on YouTube, just drop a comment under the video. I'm your host, Jim Love. Thanks for listening.
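The audit Sansec recommends for the Magento story can be started with a simple tree scan for the indicators named in the episode: license-check files (rendered in the transcript as "license P" / "license API P", assumed here to mean license.php and licenseApi.php) that reference a function like adminLoadLicense. This is an added example, not code from the episode or from Sansec; the directory layout, vendor name and file contents are constructed for the demo.

```python
"""Scan a Magento code tree for the dormant license-check backdoor pattern
described in the episode.  Constructed demo; the fixture paths are made up."""
import os
import re
import tempfile

# Indicators from the episode: a license file whose code runs via a function
# like adminLoadLicense.  Filename pattern is an assumption (case-insensitive).
FILENAME_RE = re.compile(r"^license(api)?\.php$", re.IGNORECASE)
FUNCTION_RE = re.compile(r"adminLoadLicense", re.IGNORECASE)


def scan_tree(root):
    """Return a sorted list of (relative_path, reason) for files worth review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            name_hit = bool(FILENAME_RE.match(name))
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    func_hit = bool(FUNCTION_RE.search(fh.read()))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if name_hit and func_hit:
                findings.append((rel, "license file references adminLoadLicense"))
            elif func_hit:
                findings.append((rel, "adminLoadLicense referenced outside a license file"))
            elif name_hit:
                findings.append((rel, "license file present: review manually"))
    return sorted(findings)


def build_demo_tree():
    """Create a constructed Magento-like tree: one clean file, two to flag."""
    root = tempfile.mkdtemp(prefix="magento-audit-")
    files = {
        "app/code/ExampleVendor/AjaxSuite/Helper/Data.php": "<?php\nclass Data {}\n",
        "app/code/ExampleVendor/AjaxSuite/License.php":
            "<?php\nfunction adminLoadLicense($k) { /* constructed sample */ }\n",
        "app/code/ExampleVendor/Lookbook/LicenseApi.php": "<?php\n// constructed stub\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, reason in scan_tree(build_demo_tree()):
        print(f"{reason}: {rel}")
```

Point `scan_tree` at a real store's `app/code` and `vendor` directories; any hit is a file to pull for manual review, and a clean run is not proof of a clean server, since the episode also advises a full malware scan and restoring from known-good backups.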

Transcript source: provided by the creator in the RSS feed.