Similar Stories to Malicious Npm Packages Are Part Of A Malware “barrage” Hitting Repositories on Bing News

Dan Goodin, Ars Technica
Wed, 12/08/2021 - 6:47pm

Enlarge (credit: Getty Images) Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each other. Many of the 17 malicious packages appear to have been spread by different threat actors who used varying techniques and amounts of effort to trick developers into downloading malicious wares instead of the benign ones intended. This latest discovery continues a trend first spotted a few years ago, in which miscreants sneak information stealers, keyloggers, or other types of malware into packages available in NPM, RubyGems, PyPi, or another repository.

PREV NEXT
Topics:  enlarge   getty images    researchers   pypi   read   comments   npm   malicious   packages   malware   repositories   code   repository   million   continues   developers   
BING NEWS:
  • Over 90 malicious Android apps with 5.5M installs found on Google Play
    Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity ...
    05/28/2024 - 6:48 am | View Link
  • More
PREV NEXT

 

PREV NEXT
Welcome to Wopular!

Welcome to Wopular

Wopular is an online newspaper rack, giving you a summary view of the top headlines from the top news sites.

Senh Duong (Founder)
Wopular, MWB, RottenTomatoes

Subscribe to Wopular's RSS Fan Wopular on Facebook Follow Wopular on Twitter Follow Wopular on Google Plus

MoviesWithButter : Our Sister Site

Movies With Butter More Movie News

More Business News

  • Microdosing candy-linked illnesses double; possible recall in “discussions”
    Ars Technica, Thursday - 06/20/2024 - 02:16 PM

    Enlarge (credit: Diamond Shruumz) Cases of illnesses linked to microdosing candies have more than doubled, with reports of seizures and the need for intubation, mechanical ventilation, and intensive care stays. But, there remains no recall of the products—microdosing chocolates, gummies, and candy cones by Diamond Shruumz—linked to the severe and life-threatening illnesses.

    More | Talk | Read It Later | Share
  • Why Interplay’s original Fallout 3 was canceled 20+ years ago
    Ars Technica, Thursday - 06/20/2024 - 12:31 PM

    Enlarge / What could have been. (credit: No Mutants Allowed) PC gamers of a certain vintage will remember tales of Project Van Buren, a title that early '00s Interplay intended as the sequel to 1998's hit Fallout 2. Now, original Fallout producer Timothy Cain is sharing some behind-the-scenes details about how he contributed to the project's cancellation during a particularly difficult time for publisher Interplay. Cain famously left Interplay during Fallout 2's development in the late '90s to help form short-lived RPG house Troika Games.

    More | Talk | Read It Later | Share
  • Cleaning up cow burps to combat global warming
    Ars Technica, Thursday - 06/20/2024 - 12:20 PM

    Enlarge (credit: Tony C. French/Getty) In the urgent quest for a more sustainable global food system, livestock are a mixed blessing. On the one hand, by converting fibrous plants that people can’t eat into protein-rich meat and milk, grazing animals like cows and sheep are an important source of human food.

    More | Talk | Read It Later | Share
  • Single point of software failure could hamstring 15K car dealerships for days
    Ars Technica, Thursday - 06/20/2024 - 12:03 PM

    Enlarge / Ford Mustang Mach E electric vehicles are offered for sale at a dealership on June 5, 2024, in Chicago, Illinois. (credit: Scott Olson / Getty Images) CDK Global touts itself as an all-in-one software-as-a-service solution that is "trusted by nearly 15,000 dealer locations." One connection, over an always-on VPN to CDK's data centers, gives a dealership customer relationship management (CRM) software, financing, inventory, and more back-office tools. That all-in-one nature explains why people trying to buy cars, and especially those trying to sell them, have had a rough couple of days.

    More | Talk | Read It Later | Share
  • Statewide 911 outage was caused by 911 vendor’s malfunctioning firewall
    Ars Technica, Thursday - 06/20/2024 - 11:49 AM

    Enlarge (credit: Getty Images | artas) A 911 vendor's malfunctioning firewall caused a statewide outage in the emergency calling system in Massachusetts on Tuesday afternoon, the state government said. A Massachusetts government press release issued yesterday said the state's 911 vendor, Comtech, "has advised State 911 that they have applied a technical solution to ensure that this does not happen again." "A preliminary investigation conducted by the State 911 Department and Comtech determined that the outage was the result of a firewall, a safety feature that provides protection against cyberattacks and hacking," the announcement said.

    More | Talk | Read It Later | Share
  • Ex-OpenAI star Sutskever shoots for superintelligent AI with new company
    Ars Technica, Thursday - 06/20/2024 - 10:06 AM

    Enlarge / Ilya Sutskever physically gestures as OpenAI CEO Sam Altman looks on at Tel Aviv University on June 5, 2023. (credit: Getty Images) On Wednesday, former OpenAI Chief Scientist Ilya Sutskever announced he is forming a new company called Safe Superintelligence, Inc. (SSI) with the goal of safely building "superintelligence," which is a hypothetical form of artificial intelligence that surpasses human intelligence, possibly in the extreme. "We will pursue safe superintelligence in a straight shot, with one focus, one goal, and one product," wrote Sutskever on X.

    More | Talk | Read It Later | Share