Over 35 Tech Companies Compromised in Novel Software Supply Chain Attack | HackerNoon

  • 📰 hackernoon
  • ⏱ Reading Time:
  • 42 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 20%
  • Publisher: 51%

Sverige Nyheter Nyheter

Sverige Senaste nytt,Sverige Rubriker

'Over 35 Tech Companies Compromised in Novel Software Supply Chain Attack' by sonatype sonatype vulnerabilities

foobarIn this case, that would mean, the attacker’s counterfeitmake its way into your software build.

He wondered what would happen if he squatted the private package names listed in the manifest on the npm open-source registry, open to everyone. All other 200+ packages published by Birsan in npm, RubyGems, and PyPI ecosystems contain identical code and perform the same actions. “At this point, I feel that it is important to make it clear that every single organization targeted during this research has provided permission to have its security tested, either through public bug bounty programs or through private agreements. Please do not attempt this kind of test without authorization,” Birsan has warned in his blog post.

And the biggest leverage the researcher had in this attack, it triggered automatically without requiring human error as we have seen with typosquatting and brandjacking attacks.

 

Tack för din kommentar. Din kommentar kommer att publiceras efter att ha granskats.
Vi har sammanfattat den här nyheten så att du kan läsa den snabbt. Om du är intresserad av nyheterna kan du läsa hela texten här. Läs mer:

 /  🏆 532. in SE

Sverige Senaste nytt, Sverige Rubriker

Similar News:Du kan också läsa nyheter som liknar den här som vi har samlat in från andra nyhetskällor.

Shipping, manufacturing delays upset board game industryBoard game publishers say supply chain and manufacturing issues have forced them to raise prices.
Källa: fox7austin - 🏆 594. / 51 Läs mer »