While the Log4j crisis was a wakeup call for many, mitigating it does not solve the larger issues of supply chain attacks. It’s more important than ever to put practices in place to manage your supply chain risk. Supply chain breaches continue to be discovered. Just after the new year, for example, researchers at Palo Alto Networks detected a software supply chain campaign infecting Sotheby’s real estate websites with data-stealing skimmers. The campaign was distributed via a Brightcove cloud video platform instance.
In order to skim sensitive data from websites, attackers of this type inject malicious JavaScript code to take over the functionality of HTML form pages, collect sensitive user information, and redirect it to a malicious collection server.
