dependency confusion – WindowsTechs.com

This Week in Security: APT Targeting Researchers, and Someone Watching All the Cameras

Posted on March 12, 2021 by Jonathan Bennett

Microsoft’s Patch Tuesday just passed, and it’s a humdinger. To add the cherry on top, two seperate BSOD inducing issues led to Microsoft temporarily pulling the update.

Among the security vulnerabilities fixed is CVE-2021-26897, another remote code exploit in the …read more

Continue reading This Week in Security: APT Targeting Researchers, and Someone Watching All the Cameras→

Securing Software Supply Chains and Dependency Confusion – An Industry Perspective

Posted on March 8, 2021 by Derek Weeks

Following a growing trend in software supply chain attacks which use “dependency or namespace confusion” techniques, I sat down for a discussion on software supply chain security with a few experts on the topic.
The post Securing Software Supply C… Continue reading Securing Software Supply Chains and Dependency Confusion – An Industry Perspective→

Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from “Dependency Confusion” Attacks

Posted on March 4, 2021 by Brent Kostak

As news continues to cascade on a recent dependency hijacking software supply chain attack, detection of dependency confusion, a.k.a. namespace confusion, copycat packages are on the rise. These counterfeit packages, presenting the same attack met… Continue reading Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from “Dependency Confusion” Attacks→