Dependency confusion allows bad actors to emulate internal software packages to gain access to developer workstations and critical build infrastructure. Understand this entirely new supply chain issue and how to manage against it.
Repo jacking is an insidious software supply chain issue. Attackers can take over upstream packages if the original owner changes or deletes his/her username.
In late 2020, one of the most devastating cyber attacks of the last decade was discovered: the SolarWinds breach.
Picking up where we left off in the last article, we need to start thinking about improving our situation. To recap, we've now got initial execution on a victim system,
What does a malicious package actually look like in practice? We'll walk through some hypothetical exercises to see how malware generally works, and what sort of functions we might expect,
What does the upstream for major packages really look like? Over the past few years, the shape of the open source ecosystem landscape has shifted drastically, exploding both in the
In November of 2018 a malicious Javascript package was identified and subsequently removed from the NPM ecosystem. A nefarious modification was introduced into this package, flatmap-stream, which was then added