Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
4 résultats taggé Package  ✕
Redline Dropped Through MSIX Package https://isc.sans.edu/diary/Redline+Dropped+Through+MSIX+Package/30404/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
17/11/2023 08:39:15
QRCode
archive.org

Redline Dropped Through MSIX Package, Author&colon

isc.sans.edu SANS 2023 EN Redline MSIX Package analysis
Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html
03/05/2022 09:58:30
QRCode
archive.org
thumbnail

Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute. As a result, malicious packages like ua-parser-js, and node-ipc are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users.

google 2022 EN opensource Package Analysis Project malicious packages
Introducing Package Analysis: Scanning open source packages for malicious behavior https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
02/05/2022 10:50:10
QRCode
archive.org

Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.

openssf EN 2022 Analysis Scan opensource packages Package behavior
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica https://arstechnica.com/information-technology/2022/03/sabotage-code-added-to-popular-npm-package-wiped-files-in-russia-and-belarus/
20/03/2022 00:02:22
QRCode
archive.org
thumbnail

When code with millions of downloads nukes user files, bad things can happen.

Sabotage arstechnica EN 2022 NPM Russia cyberwar node-ipc package CVE-2022-23812
2000 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio