typosquatting
-
What I discovered after generating 227K mimic package names — and how you can protect yourself

Malicious packages lurk in NPM and PyPI — especially in NPM. If you’ve built front-end apps, you’ve likely used npm, pnpm, or yarn. You’ve probably tweaked package.json or run npm add something. These tools streamline dependency management. Each install pulls code from npmjs.com and runs scripts…
-
The Lazarus Group, North Korea’s notorious state-backed cyber threat actor, has infiltrated the npm ecosystem once again, deploying…

The post “Typosquatting & Backdoors: Lazarus’ Latest npm Campaign” appeared first on Cybersecurity News.
-
The Cybersec Café

GitHub Actions is an extremely powerful tool that a majority of developers find indispensable these days. For those who don’t know, GitHub Actions (GHA) is a tool integrated in GitHub that allows you to execute workflows right from your GitHub repositories. These workflows can be configured from scratch using a .yml configuration file or downloaded from the extensive…
-
MalBot, December 13, 2024, 10:50am

As we navigate the internet, it’s easy to fall victim to scams that aim to trick us into revealing sensitive information or downloading malicious software. One such threat is known as typosquatting, a simple but effective cyberattack that can catch almost anyone unawares.
-
The developer community should be vigilant following the discovery of six malicious npm packages masquerading as popular libraries. According to a recent report by Socket’s threat research team, these packages exploit typographical errors to infiltrate developers’ systems and inject SSH backdoors.
-
MalBot, November 12, 2024, 4:50pm

Article Link: Typosquatting NPM, vulnerability analysis, and AI challenges – ASW #307 | SC Media
-
Submitted on 1 Nov 2024: Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems, by Muhammad Muzammil and 4 other authors
-
In a recent cybersecurity discovery, Hunt.io’s Threat Hunting Platform unveiled a new Rekoobe backdoor, this time found lurking in open directories and possibly designed to target unsuspecting TradingView users. Known for its history with APT31, or Zirconium, Rekoobe has resurfaced, showing signs of sophisticated encryption and customized command-and-control protocols aimed at evading detection.
-
Sep 06, 2024 | Ravie Lakshmanan | Software Security / Hacking
-
“This level of access can be risky if an action is malicious — it could install malware, steal secrets, or make covert changes to your code,” the Orca researchers warn. “The implications of such access can be devastating. Imagine an action that exfiltrates sensitive information or modifies code to introduce subtle bugs or backdoors, potentially…
-
In the world of software development, automation is a huge time-saver, and GitHub Actions is one of the best tools for the job. GitHub Actions allow developers to automate, customize, and execute their software development workflows right in their GitHub repository. You can set up continuous integration and continuous delivery (CI/CD) pipelines, run tests, deploy…
-
Authors/Presenters: Shradha Neupane, Grant Holmes, Elizabeth Wyss, Drew Davidson, Lorenzo De Carli

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.
-
Lessons from the PyPI Breach for Open-Source and AI/ML Security

This is the first of a two-part blog series addressing key lessons learned from the PyPI security incidents. This first blog post explains the nature of the “typosquatting” adversary technique used to target the Python Package Index (PyPI) and its significant impact on AI/ML development.…
-
Highlights: PyPI is one of the largest package indexes, with more than 800,000 users. Check Point CloudGuard identified a typosquatting campaign on PyPI comprising over 500 malicious packages. Installation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified…
-
“A 20-year-old Trojan resurfaced recently,” reports Dark Reading, “with new variants that target Linux and impersonate a trusted hosted domain to evade detection.” Researchers from Palo Alto Networks spotted a new Linux variant of the Bifrost (aka Bifrose) malware that uses a deceptive practice known as typosquatting to mimic a legitimate VMware domain, which allows…
-
ReversingLabs points out that these types of malicious supply chain attacks are now available to low-skill threat actors and script kiddies.
-
ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77.