2 New RubyGems laced with cryptocurrency stealing malware taken down

This month, RubyGems removed 2 gems from its open source software repository that contained malicious code. These gems, tracked as sonatype-2020-1222 by us, are:

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT).

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem.

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to identify suspi…

Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software

This weekend a report emerged of mysterious npm malware stealing sensitive information from Discord apps and web browsers installed on a user’s machine.

From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?

The NodeJS component express-fileupload – touting 7 million downloads from the npm registry – now has a critical Prototype Pollution vulnerability.

Nexus Intelligence Insights: xlsx aka SheetJS – Regular Expression Denial of Service (ReDoS) and sonatype-2018-0622

For this month’s Nexus Intelligence Insights, we explore an interesting case of ReDoS vulnerability impacting the popular npm component, SheetJS, also known as “xlsx”. It may pique your interest to learn that this vulnerability w…

Nexus Intelligence Insights: Protect Your Bitcoins from 700+ Malicious RubyGems with sonatype-2020-0196

Last week news broke about how 700 typosquatting libraries had made their way into the famous RubyGems repository. The complete list, first published by Reversing Labs, reveals how crafty attackers can take advantage of the open source software su…

Nexus Intelligence Insights: What’s in a Ghostcat? CVE-2020-1938 Apache Tomcat – Local File Inclusion Potentially Leads to RCE

For this month’s Nexus Intelligence Insights, let’s dive deep into the popular Ghostcat vulnerability making headlines recently.
This vulnerability deserves attention as it impacts the widely used Apache Tomcat web server, has at least…

Nexus Intelligence Insights CVE-2020-2100: Jenkins – UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

In the wake of the serious Jenkins vulnerability impacting at least 12,000 Jenkins servers, we dedicate February’s Nexus Intelligence Insights to helping you solve it.
This vulnerability is clever; it opens up two potential lines of attack. …