RubyGems – WindowsTechs.com

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Posted on May 9, 2022 by Paul Ducklin

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself “Frank”. Continue reading RubyGems supply chain rip-and-replace bug fixed – check your logs!→

RubyGems Packages Laced with Bitcoin-Stealing Malware

Posted on December 17, 2020 by Tara Seals

Two malicious software building blocks that could be baked into web applications prey on unsuspecting users. Continue reading RubyGems Packages Laced with Bitcoin-Stealing Malware→

2 New RubyGems laced with cryptocurrency stealing malware taken down

Posted on December 16, 2020 by Ax Sharma

This month, RubyGems removed 2 gems from its open source software repository that contained malicious code. These gems, tracked as sonatype-2020-1222 by us, are:
The post 2 New RubyGems laced with cryptocurrency stealing malware taken down appeare… Continue reading 2 New RubyGems laced with cryptocurrency stealing malware taken down→

Trove of RubyGems malware highlights software supply chain issues

Posted on April 23, 2020 by Danny Bradbury

Ruby developers beware: a would-be cryptocurrency thief is out to get at your digital wallet, and they’re using typosquatting code to do it. Continue reading Trove of RubyGems malware highlights software supply chain issues→

Nexus Intelligence Insights: Protect Your Bitcoins from 700+ Malicious RubyGems with sonatype-2020-0196

Posted on April 23, 2020 by Akshay 'Ax' Sharma

Last week news broke about how 700 typosquatting libraries had made their way into the famous RubyGems repository. The complete list, first published by Reversing Labs, reveals how crafty attackers can take advantage of the open source software su… Continue reading Nexus Intelligence Insights: Protect Your Bitcoins from 700+ Malicious RubyGems with sonatype-2020-0196→

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

Posted on April 20, 2020 by Tara Seals

Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers. Continue reading Bitcoin Stealers Hide in 700+ Ruby Developer Libraries→

Hackers use typosquatting to trojanize 700 libraries in Ruby Repository

Posted on April 17, 2020 by Sudais Asif

By Sudais Asif
In the traditional sense, we usually come across typosquatting in the form of attackers creating misspelled domain names…
This is a post from HackRead.com Read the original post: Hackers use typosquatting to trojanize 700 libraries in … Continue reading Hackers use typosquatting to trojanize 700 libraries in Ruby Repository→

760+ malicious packages found typosquatting on RubyGems

Posted on April 17, 2020 by Zeljka Zorz

Researchers have discovered over 760 malicious Ruby packages (aka “gems”) typosquatting on RubyGems, the Ruby community’s gem repository / hosting service. The discovery ReversingLabs analysts wanted to see how widespread the practice of pa… Continue reading 760+ malicious packages found typosquatting on RubyGems→

What is a Package Dependency Manager?

Posted on January 22, 2020 by Ember DeBoer

This is an excerpt from Out of the Wild: A Beginner’s Guide to Package and Dependency Management, a Sonatype Guide. This is the first of three installments.

The post What is a Package Dependency Manager? appeared first on Security Boulevard.
Continue reading What is a Package Dependency Manager?→

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Posted on August 23, 2019 by Brian Fox

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source – bad actors are growing bolder and the veloci… Continue reading Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security→