Software Vendor Who Hid ‘Supply Chain’ Breach Outed

tsu doh nimh writes: Researchers at RSA released a startling report last week that detailed a so-called “supply chain” malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. This intrusion would probably not be that notable if the software vendor didn’t have a long list of Fortune 500 customers, and if the attackers hadn’t also compromised the company’s update servers — essentially guaranteeing that customers who downloaded the software prior to the breach were infected as well. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure as a page inside of its site — not linking to it anywhere. Brian Krebs went and dug it up. Spoiler: the product/vendor in question is EVlog by Altair Technologies Ltd.


Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *