embedded malicious code
Octopus Scanner Compromises 26 OSS Projects on GitHub
Brian Fox | #OSSsecurity, embedded malicious code, FEATURED, malicious injection, malware prevention, News and Views, octopus scanner, Software Composition Analysis
Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...
Octopus Malware Compromises 26 OSS Projects on GitHub
Brian Fox | #OSSsecurity, embedded malicious code, malicious injection, malware prevention, News and Views, Software Composition Analysis
Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...
What Developers Need to Know About WhatsApp’s Recent Security Dilemma
Katie McCaskey | application health, AppSec, embedded malicious code, Industry commentary, malware prevention, open source application scan
Last week, reports, like this one from Dark Reading, surfaced a remotely exploitable bug found in Facebook’s popular WhatsApp chat app that spies on users and specifically targeted human rights groups. Facebook ...
The Dot Zero Conundrum and the New Frontier of Securing Open Source
Brian Fox | code quality, Corporate Momentum, embedded malicious code, FEATURED, News and Views, Nexus Intelligence, Product
Over the past two years, I’ve spoken about more than instances of adversaries intentionally publishing malicious components into public open source and container repositories. Adversaries used these attacks to mine cryptocurrency, steal ...
Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security
Brian Fox | DevSecOps, embedded malicious code, Everything Open Source, Open Source Security, RubyGems
Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source - ...
Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream’s back, back again
Elisa Velarde | embedded malicious code, FEATURED, flatmap-stream, Nexus Intelligence Insights, Sonatype-2018-0413, Vulnerabilities
Thought you cleaned up your malicious flatmap-stream code? Check again. You may have thought you'd read everything there was to read about flatmap-stream and as a result, fixed the offending component once ...
Nexus Intelligence Insights: CVE-2019-13354: ‘strong_password’ embedded malicious code, RubyGems
Elisa Velarde | cve-2019-13354, embedded malicious code, FEATURED, Nexus Intelligence Insights, Ruby Gems language, Vulnerabilities
We typically don’t follow one monthly Nexus Intelligence Insights post on the heels of another, but July’s vulnerability is time sensitive so we didn’t want to delay getting the next edition out ...