Sonatype stellt Abhängigkeitsmanagement der nächsten Generation vor | Pressemitteilung

Ressourcen

Inhalte

Sonatype-Partner

Community

Bevorstehende Events

2020 State of the Software Supply Chain

Nexus Intelligence-Insights

Jetzt testen  
Video ansehen

Deep dive into Sonatype Security Research

See incredible research performed (24x7x365) by our team.  Learn how open source exploits work.  Get expert guidance on how to remediate risk.

2 New RubyGems laced with cryptocurrency stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities

This month, RubyGems removed 2 gems from its open source software repository that contained malicious code. These gems, tracked as sonatype-2020-1222 by us, are:

Weiterlesen
Malicious typosquatting open source packages in npm are laced with a popular Remote Access Trojan (RAT).

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 vulnerabilities

Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT).

Weiterlesen

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

By Ax Sharma on November 16, 2020 vulnerabilities

Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware

Weiterlesen

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities

This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things

Weiterlesen

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github

Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming

Weiterlesen

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities

As if the increasing attacks on the open source ecosystem and vulnerabilities making headlines weren’t scary enough events, this Halloween devs were exposed to another malicious trick

Weiterlesen

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle

My colleague has two kids, ages 9 and 12.  Since the COVID lockdowns they have been playing more online games and each of them use Discord to chat with their friends during gameplay.  Did my

Weiterlesen

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

By Ax Sharma on September 30, 2020 vulnerabilities

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine

Weiterlesen
fallguys

Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software

By Ax Sharma on September 02, 2020 vulnerabilities

This weekend a report emerged of mysterious npm malware stealing sensitive information from Discord apps and web browsers installed on a user’s machine.

Weiterlesen

From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?

By Ax Sharma on August 19, 2020 vulnerabilities

The NodeJS component express-fileupload - touting 7 million downloads from the npm registry -  now has a critical Prototype Pollution vulnerability.

Weiterlesen
apache tomcat vulnerability

Nexus Intelligence Insights:CVE-2020-13935 - Apache Tomcat Websocket - Denial of Service (DoS)

By Ax Sharma on July 29, 2020 vulnerabilities

For July’s Nexus Intelligence Insight we take a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component.

Weiterlesen

Nexus Intelligence Insights: xlsx aka SheetJS - Regular Expression Denial of Service (ReDoS) and sonatype-2018-0622

By Ax Sharma on May 06, 2020 vulnerabilities

For this month’s Nexus Intelligence Insights, we explore an interesting case of ReDoS vulnerability impacting the popular npm component, SheetJS, also known as “xlsx”. It may pique your interest

Weiterlesen
bitcoin

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Ax Sharma on April 23, 2020 vulnerability

Last week news broke about how 700 typosquatting libraries had made their way into the famous RubyGems repository. The complete list, first published by Reversing Labs, reveals how crafty

Weiterlesen
Twitter LinkedIn Facebook Instagram YouTube GitHub
Produkte
OSS Recherche
Lösungen
Ressourcen
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia 
London Office - 168 Shoreditch High Street, E1 6HU London

Copyright © 2008–heute, Sonatype Inc. Alle Rechte vorbehalten. Schließt hier aufgeführten Drittanbietercode ein. Sonatype und Sonatype Nexus sind Warenzeichen von Sonatype, Inc. Apache Maven und Maven sind Warenzeichen der Apache Software Foundation. M2Eclipse ist ein Warenzeichen der Eclipse Foundation. Alle anderen Warenzeichen sind Eigentum der jeweiligen Inhaber.

Nutzungsbedingungen    Datenschutzrichtlinie    Event Terms and Conditions