35 Tech Companies Including Microsoft, Netflix, and Apple Attacked By Hackers
A security researcher going by the name of Alex Birsan successfully ran code on the servers of 35 major tech companies.
Microsoft, Google, Apple, Tesla, PayPal, and others are among the companies the hacker got access to.
According to the website Bleeping Computer, the cybersecurity expert made use of exploits that allowed him to run code on the servers. The security vulnerability is described as a novel software supply chain attack.
"I feel that it is important to make it clear that every single organization targeted during this research has provided permission to have its security tested, either through public bug bounty programs or through private agreements. Please do not attempt this kind of test without authorization." – Alex Birsan said in the report
Bug Bounty Rewards
Birsan is an approved security expert and one of the industry's bug bounty hunters. He has garnered more than $130,000 from this exploit.
The biggest bug bounty he earned came from Microsoft, which awarded him $40,000. Microsoft has released a white paper covering the issue, known as CVE-2021-24105.
PayPal, on the other hand, has paid Birsan $30,000 as its bounty amount. Apple also acknowledged the bug and said it will reward the researcher shortly.
"I believe that finding new and clever ways to leak internal package names will expose even more vulnerable systems, and looking into alternate programming languages and repositories to target will reveal some additional attack surface for dependency confusion bugs." – Alex Birsan in his blog post.
The novel software supply chain attack involved uploading malicious code to open-source repositories. Users don’t need to do anything on their side, since the code is delivered automatically via an update.
This is quite alarming if we take into consideration that almost all companies make use of open-source repositories.
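A defender's check for the exposure described above, as an added example that is not from Birsan's report or this article: it compares an organization's internal package names against a snapshot of a public index and flags names that an automatic update could resolve from the public side. The package names, versions and the `audit` helper are constructed for illustration, and versions are assumed to be plain dotted numbers.

```python
import re

def normalize(name: str) -> str:
    """PEP 503 name normalization: 'Acme_Utils' and 'acme-utils' are one package."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(version: str) -> tuple:
    """Assumption: plain dotted numeric versions such as '1.4.2'."""
    return tuple(int(part) for part in version.split("."))

def audit(internal: dict, public: dict) -> list:
    """Return (name, internal_version, public_version, status) per internal package.

    status is one of:
      unclaimed  - name is free on the public index; anyone could register it
      shadowed   - name exists publicly at a version not above the internal one
      overridden - public version is higher, so a resolver that consults both
                   indexes and prefers the highest version would take it
    """
    public_norm = {normalize(n): v for n, v in public.items()}
    report = []
    for raw_name, internal_ver in internal.items():
        name = normalize(raw_name)
        public_ver = public_norm.get(name)
        if public_ver is None:
            status = "unclaimed"
        elif parse_version(public_ver) > parse_version(internal_ver):
            status = "overridden"
        else:
            status = "shadowed"
        report.append((name, internal_ver, public_ver, status))
    return sorted(report)

# Constructed sample data: hypothetical internal names and a public index snapshot.
INTERNAL = {"acme-auth": "1.4.2", "Acme_Utils": "2.0.0", "acme-billing": "0.9.1"}
PUBLIC = {"acme-utils": "99.0.0", "acme-auth": "0.0.1", "requests": "2.25.1"}

if __name__ == "__main__":
    for name, ours, theirs, status in audit(INTERNAL, PUBLIC):
        print(f"{name:14} internal={ours:8} public={theirs or '-':8} {status}")
```

Names reported as `overridden` or `shadowed` already exist on the public index under someone's control, and `unclaimed` names are still free for anyone to register.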