News Formal

Over 35 Tech Companies Compromised in Novel Software Supply Chain Attack | HackerNoon

  • 📰 hackernoon
  • ⏱ Reading Time:
  • 42 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 20%
  • Publisher: 51%

Colombia Noticias Noticias

Colombia Últimas Noticias,Colombia Titulares

'Over 35 Tech Companies Compromised in Novel Software Supply Chain Attack' by sonatype sonatype vulnerabilities

foobarIn this case, that would mean, the attacker’s counterfeitmake its way into your software build.

He wondered what would happen if he squatted the private package names listed in the manifest on the npm open-source registry, open to everyone. All other 200+ packages published by Birsan in npm, RubyGems, and PyPI ecosystems contain identical code and perform the same actions. “At this point, I feel that it is important to make it clear that every single organization targeted during this research has provided permission to have its security tested, either through public bug bounty programs or through private agreements. Please do not attempt this kind of test without authorization,” Birsan has warned in his blog post.

And the biggest leverage the researcher had in this attack, it triggered automatically without requiring human error as we have seen with typosquatting and brandjacking attacks.

Hemos resumido esta noticia para que puedas leerla rápidamente. Si estás interesado en la noticia, puedes leer el texto completo aquí. Leer más:

 /  🏆 532. in CO
 

Gracias por tu comentario. Tu comentario será publicado después de ser revisado.

Colombia Últimas Noticias, Colombia Titulares

Similar News:También puedes leer noticias similares a ésta que hemos recopilado de otras fuentes de noticias.

Shipping, manufacturing delays upset board game industryBoard game publishers say supply chain and manufacturing issues have forced them to raise prices.
Fuente: fox7austin - 🏆 594. / 51 Leer más »