
Monday.com says its source code was hit in recent cyberattack


Online collaboration tool Monday.com has acknowledged that cybercriminals accessed a read-only copy of its source code.

Monday.com is a project management platform that counts the likes of Uber, BBC Studios, Adobe, Universal, Hulu, L'Oreal, Coca-Cola, and Unilever as customers.

The platform is one of a growing list of targets that has fallen prey to a supply-chain attack on software auditing company Codecov last month.


Unauthorized users modified Codecov’s bash uploader script and used it for several months to siphon off credentials of its customers, one of them being Monday.com. 

“While we have seen evidence that our source code was accessed due to the Codecov vulnerability, to date, we have found no evidence of any unauthorized modifications to our source code, or any impact on our products,” wrote Monday.com in a blog post last week, outlining their response to the Codecov incident.

The company was forced to reveal the news in documents filed with the U.S. Securities and Exchange Commission (SEC) as it prepares a stock exchange listing in the country.

Supply chain victims

Monday.com is just one in the string of Codecov customers that has been compromised by the Codecov attackers in typical supply-chain attack fashion.

Last month, an anonymous investigator from the FBI's San Francisco office told Reuters that the Codecov attackers put extra effort into breaking into the software auditing company, which has thousands of customers, in order to infiltrate other “makers of software development programs” as well as companies that themselves provide many customers with technology services.

In addition to Monday.com, reports suggest that cybersecurity firm Rapid7, software developer HashiCorp, cloud communications platform Twilio, cloud services provider Confluent, and insurance company Coalition have all been affected by the Codecov breach in some way.

Via BleepingComputer

Date

18 May 2021
