New in Nexus Repository 3.23: Nexus Intelligence via npm audit

We are excited to announce the official release of Nexus Repository 3.23. In this release, we continue the story of our enhanced JavaScript support with the new Nexus Intelligence via npm audit ...
Secrets, Security Insights and APIs!

ShiftLeft Inspect can now detect “hardcoded secrets” (across all languages) and provide “security insights” into your JavaScript code. ShiftLeft Inspect has also released a new version of API ...
The economics of open source by C J Silverio | JSConf EU 2019

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

Today, news broke that GitHub and its parent company, Microsoft, acquired npm and its public registry of open source JavaScript packages. In 2018, when Microsoft acquired GitHub, many in the developer community ...

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

We’ve recently rolled out enhanced support for JavaScript that provides developers with improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the entire software development lifecycle. Our enhancements ...
Beyond Magecart: Understanding the Risks and Impacts of Third-Party JavaScript

Third-party JavaScript is a common technique used to add functionality, user experiences, or security paradigms to your web site. However, these website additions can introduce significant friction. Not all users want to ...
Malicious npm package exfiltrating data from UNIX systems

A malicious JavaScript package was uploaded on Dec. 30, 2019 to the npm registry (Node Package Manager), the world’s largest software registry, which hosts over 800,000 packages that developers use to write JavaScript applications ...
Firefox Critical Zero-Day Being Exploited: Patch NOW

Mozilla’s Firefox browser has a nasty bug. Rated “critical,” the vulnerability is being actively exploited in the wild ...
Security Boulevard
Reawakening of Emotet: An Analysis of its JavaScript Downloader

In mid-September 2019, Emotet resumed its activity and we evaluated changes to its operation in a previous blog post by Alex Holland. One of the noticeable changes is that some of the ...
Deobfuscating Ostap: TrickBot’s 34,000 Line JavaScript Downloader

For a malicious actor to compromise a system, they need to avoid being detected at the point of entry into the target’s network. Commonly, phishing emails delivering malicious attachments (T1193) serve ...