npm – PossibleThreat Articles

NPM JavaScript packages abused to create scambait links in bulk

February 22, 2023 0 Comments clickbait, data loss, npm, rogue packages, scamming, Spam

Credit to Author: Paul Ducklin| Date: Wed, 22 Feb 2023 18:59:20 +0000

Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

MalwareBytes Security

IconBurst software supply chain attack offers malicious versions of NPM packages

July 6, 2022 0 Comments Malwarebytes news, npm, obfuscated, pubg, supply chain attack, typosquatting

Credit to Author: Pieter Arntz| Date: Wed, 06 Jul 2022 14:11:31 +0000

Researchers have uncovered a supply chain attack that tricked app and website developers into using copies of popular npm packages that contained malicious code to steal form data.

The post IconBurst software supply chain attack offers malicious versions of NPM packages appeared first on Malwarebytes Labs.

MalwareBytes Security

A scanning tool for open-sourced software packages? Yes, please!

May 9, 2022 0 Comments bigquery, caleb brown, Google, npm, open source security foundation, open source security team, open-sourced software, openssfmpypi, oss, package analysis, python package index, rust, security world, slsa, supply chain levels for software artifacts

Credit to Author: Malwarebytes Labs| Date: Mon, 09 May 2022 10:49:02 +0000

OpenSSF recently introduced a dynamic analysis tool for all OSS packages when uploaded to open source repositories.

The post A scanning tool for open-sourced software packages? Yes, please! appeared first on Malwarebytes Labs.

MalwareBytes Security

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

February 9, 2022 0 Comments 2fa, azure active directory, cyber signal, Google, grzegorz milka, MFA, Microsoft, multi-factor authentication, npm, security world, twitter, two-factor authentication

Credit to Author: Malwarebytes Labs| Date: Wed, 09 Feb 2022 11:55:24 +0000

Microsoft says its corporate users are not using MFA, another layer of security that keeps accounts safe. Unfortunately, this is not an isolated problem.

Categories: Security world

Tags: 2fa Azure Active Directory Cyber Signal Google Grzegorz Milka mfa microsoft multi-factor authentication npm twitter two-factor authentication

Security Sophos

Malicious npm package taken down after Microsoft warning

January 15, 2020 0 Comments backdoor, malicious package, Microsoft, microsoft vulnerability research, node package manager, npm, security threats, unix, vulnerability

Credit to Author: John E Dunn| Date: Wed, 15 Jan 2020 11:32:56 +0000

Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager).<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/X4lFsmpAVr8″ height=”1″ width=”1″ alt=””/>

Security Sophos

Npm patches two serious bugs

December 16, 2019 0 Comments cve-2019-16775, cve-2019-16776, cve-2019-16777, java, JavaScript, javascript packages, npm, Patch, Patches, security threats, vulnerability

Credit to Author: Danny Bradbury| Date: Mon, 16 Dec 2019 10:57:26 +0000

JavaScript package users have been warned to update due to a bug that could enable an attacker to infect them with malicious applications.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/Yb7pRyvF7Uo” height=”1″ width=”1″ alt=””/>