security
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last decade was discovered: the SolarWinds breach. It was a notable event for two primary reasons. First, the
The Anatomy of a Malicious Package (Part 2)
Picking up where we left off in the last article, we need to start thinking about improving our situation. To recap, we've now got initial execution on a victim system,
Typosquatting and Other Attacks Against Open Source Dependencies
In November of 2018 a malicious Javascript package was identified and subsequently removed from the NPM ecosystem. A nefarious modification was introduced into this package, flatmap-stream, which was then added