comparemela.com

Tzachi Zornstain News Today : Breaking News, Live Updates & Top Stories | Vimarsana

PyPI halted new users and projects while it fended off supply-chain attack

Automation is making attacks on open source code repositories harder to fight.

Tzachi zornstainYehuda gelbJossef harush kadouriPython package index

Malicious campaigns overwhelm open-source ecosystems, leads to DoS for NPM

A malicious campaign was caught heavily loading spam packages in NPM, which resulted in a denial-of-services (DoS) and caused the registry service to be sporadically unavailable.

Tzachi zornstainJossef harush kadouriService unavailableSmoke loaderSupply chain consumption framework

Even with all eyes on software supply chain security, open source remains a neglected target

The 2020 SolarWinds hack served as an alarming wake-up call about the threat of the software supply chain, spurring rapid shifts in how organizations secure third-party applications. And yet, two years later, open source repositories remain ripe for exploitation.

Justin hutchingsIlkka turunenDan lorencGary petersRob portmanBrad arkinDeborah bryantFaisal salmanTzachi zornstainBrian behlendorfSource security foundationSource softwareInfrastructure security agencySource initiativeSenate homeland security committeeOpen source security foundation

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub

Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.

Tzachi zornstainEstablish fake

vimarsana © 2020. All Rights Reserved.