Nexus Intelligence Insights: Sonatype-2020-0003 – npm malicious package 1337qq-js

Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all. 

Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

For our last Nexus Intelligence Insight of 2019, we’ll cover a component vulnerability discovered in a not-so-happy accident that appears far more dangerous than the researcher had previously hypothesized.

Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + ‘prototype’ pollution

The post Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + ‘prototype’ pollution appeared first on Security Boulevard.

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental change to a default setting and how that change in …

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While we’re taking this growing issue more seriously than anyone else, w…

Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream’s back, back again

Thought you cleaned up your malicious flatmap-stream code? Check again.
You may have thought you’d read everything there was to read about flatmap-stream and as a result, fixed the offending component once and for all. However, after a deep…

Nexus Intelligence Insights: CVE-2019-13354: ‘strong_password’ embedded malicious code, RubyGems

We typically don’t follow one monthly Nexus Intelligence Insights post on the heels of another, but July’s vulnerability is time sensitive so we didn’t want to delay getting the next edition out for everyone to read.

Nexus Intelligence Insights: CVE-2018-1109-Braces Regular expression Denial of Service (ReDoS) attack

The post Nexus Intelligence Insights: CVE-2018-1109-Braces Regular expression Denial of Service (ReDoS) attack appeared first on Security Boulevard.