Typo-squatting NPM software supply chain attack uncovered
Combined with typo-squatting, bad actors have attempted to cover up the malicious code lurking within packages using an obfuscator. The JavaScript Obfuscator tool is designed to protect code from reverse engineering and tampering. Miscreants have taken to using it to disguise JavaScript with more nefarious purposes. As such, engineers have taken its use as an indicator that a package might merit a closer look.asked the package slinger and its parent, GitHub, what could be done about the attack.
As with all too many attacks, it appears to depend on users not being totally clear on what they are downloading. In its blog post on the matter, ReversingLabs noted that:"The decentralized and modular nature of application development means that applications and services are only as strong as their least secure component.
"The success of this attack – with more than two dozen malicious modules available for download on a popular package repository, and one of them with 17,000 downloads in a matter of weeks – underscores the freewheeling nature of application development, and the low barriers to malicious or even vulnerable code entering sensitive applications and IT environments." ®
Brasil Últimas Notícias, Brasil Manchetes
Similar News:Você também pode ler notícias semelhantes a esta que coletamos de outras fontes de notícias.
Kimbal Musk's new company buys Intel's light drone businessYet another sign x86 giant has moved past Krzanich era to focus on core chip businesses
Consulte Mais informação »
Oil And Gas Stocks Provide A Glimmer Of Light In A Dark Market | OilPrice.comThough the market is reeling, oil and gas stocks are booming thanks to the rise in commodity prices fueled by the Ukraine war
Consulte Mais informação »
KNOG looks out for your bike with Scout, their new light weight bike alarm & tracking device!Knog, the Australian designer of bike accessory, releases the Scout, which is both a super loud bike alarm and highly accurate bike finder.
Consulte Mais informação »
Sheila Garvie: Glasgow author's book throws new light on 'Scotland's most salacious' murder trialThe three versions of what happened are almost entirely contradictory 👀
Consulte Mais informação »
I’m a size 16 and picked up the perfect light trousers for summer from TescoTOO thick, too tight or too loose. They’re just some of the issues people can have when searching for the perfect pair of summer trousers. But one woman claims to have found an absolute steal…
Consulte Mais informação »
Leeds church dating back to 1828 could become incredible six-bedroom home if plans given green lightA grade II listed church which dates back to 1828 could be transformed into an incredible six bedroom house if new plans are given the green light.
Consulte Mais informação »