Vulnerabilities
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT) ...
90% of Companies Faced Increased Cyberattacks During COVID-19
A recent global study by Tanium of 1,000 CXOs reported on the effects of COVID-19 on enterprise and government organizations. 90 percent of those surveyed said they experienced an increase in cyberattacks ...
New Study Says Cyber Security Technology Isn’t as Effective As It Should Be
A new study by Debate Security finds that the efficacy problems in cyber security are related more to economic issues than to technology issues. It found that companies, when evaluating which cyber ...
Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware
Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign ...
More Cyberattacks in the First Half of 2020 Than in All of 2019
A recent study by CrowdStrike showed more cyberattacks in the first six months of this year than in all of 2019 in the network activity of CrowdStrike customers. It's a trend that's ...
The ENISA Cybersecurity Threat Landscape
ENISA, the European Union Agency for Cybersecurity, met on October 6, 2020 to review their current recommendations and get any last-minute changes. On October 20, 2020, they released a huge batch ...
One Key Cyber Security Fact
Earlier this year, in March of 2020, CSO Online published an article on the key facts and figures around cyber security for 2020, including the astonishing fact that 60% of attacks were ...
Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation
Open Source Is a Mainstay in Modern Development: It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty ...
Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
This week, the Sonatype Security Research team has identified a series of counterfeit components in the npm ecosystem. These intentionally malicious packages seem to be doing similar, shady things to the malicious ...
Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers
Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another new, sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in ...