RubyGems – Page 2 – WindowsTechs.com

Backdoored Ruby gems stole credentials, injected cryptomining code

Posted on August 21, 2019 by Zeljka Zorz

The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject malware and mining software through Trojanized gems. What happened? Two days ago, … Continue reading Backdoored Ruby gems stole credentials, injected cryptomining code→

Backdoor discovered in Ruby strong_password library

Posted on July 9, 2019 by John E Dunn

An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or ‘gem’) used by Ruby on Rails (RoR) web apps to check password strength. Continue reading Backdoor discovered in Ruby strong_password library→

Bootstrap supply chain attack is another attempt to poison the barrel

Posted on April 8, 2019 by Lisa Vaas

Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon. Continue reading Bootstrap supply chain attack is another attempt to poison the barrel→

Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution

Posted on April 4, 2019 by Jeff Stone

Roughly 28 million users have downloaded a malicious version of a popular open source framework that masquerades as the real thing, but in fact gives a hackers a back door into applications. A compromised version of the website development tool bootstrap-sass was published to the official RubyGems repository, a hub where programmers can share their application code. The open source security firm Snyk alerted developers to the issue Wednesday, advising users to update their systems away from the infected framework (version 3.2.0.3). “That doesn’t mean there are something like 27 million apps out there using this,” said Chris Wysopal, chief technology officer at app security company Veracode. “[But] when you’re using open source packages to build your applications, you’re inheriting many of the vulnerabilities. … But bootstrap-sass is a popular component used by enterprises and startups so there’s potentially thousands of applications affected by this.” While the vulnerability is serious — hackers […]

The post Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution appeared first on CyberScoop.

Continue reading Backdoor vulnerability in open source tool exposes thousands of apps to remote code execution→

RubyGems Patches Remote Code Execution Vulnerability

Posted on October 11, 2017 by Michael Mimoso

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. Continue reading RubyGems Patches Remote Code Execution Vulnerability→