all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Is there any sort of validation mechanism mitigating MITM supply chain attacks in the case an attacker breaches a repo server like NPM or PyPi?

Add to bookmarks
July 8, 2022, 1:25 p.m. | /u/Jonathan-Todd

cybersecurity www.reddit.com

We know of [all sorts](https://jfrog.com/blog/npm-package-hijacking-through-domain-takeover-how-bad-is-this-new-attack/) of [ways](https://www.scmagazine.com/news/third-party-risk/iconburst-supply-chain-attack-uses-typo-squatting-to-spread-malicious-javascript-packages-via-npm) supply chain attacks can happen against individual repositories.

I'm thinking of a more drastic scenario where an attacker breaches the server delivering the packages. I'm not at a desktop to cite the domains NPM packages are loaded from, or PyPi, etc, but you know the ones.

Don't packages actually get delivered from centralized servers delivering content for those package managers? If I recall correctly, when I was trying to load Pip packages in …

attacks breaches case cybersecurity mitm npm pypi repo server sort supply supply chain supply chain attacks validation

Visit resource

More from www.reddit.com / cybersecurity

More than 800 vulnerabilities resolved through CISA ransomware notification pilot 6 hours ago | www.reddit.com
cisa cybersecurity notification pilot +2
Top cybersecurity stories for the week of 04-22-24 to 04-26-24 7 hours ago | www.reddit.com
ciso cyber cyber security cybersecurity +8
Reddit down in major outage blocking access to web, mobile apps 9 hours ago | www.reddit.com
access apps blocking cybersecurity +7
Most painful issues in chemical industry? 9 hours ago | www.reddit.com
chemical cybersecurity deal europe +10
Here's my article on Phishing Email Investigation: A Step-by-Step Analysis. Do read and let me … 10 hours ago | www.reddit.com
analysis article cybersecurity email +5
Secondary cysec skill? 11 hours ago | www.reddit.com
aim consultant contractor cybersecurity +9
Any ideas on how I can convince my boss to not require users to give … 14 hours ago | www.reddit.com
admin admin rights boss can +11
Encryption Keys Rotation 15 hours ago | www.reddit.com
cybersecurity data encrypted encryption +15
ArcaneDoor hackers exploit Cisco zero-days to breach govt networks 20 hours ago | www.reddit.com
arcanedoor breach cisco cybersecurity +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Operations Manager (f/d/m), 80-100%

@ Alpiq | Lausanne, CH
View on infosec-jobs.com

Project Manager - Cyber Security

@ Quantrics Enterprises Inc. | Philippines
View on infosec-jobs.com

Sr. Principal Application Security Engineer

@ Gen | DEU - Tettnang, Kaplaneiweg
View on infosec-jobs.com

(Senior) Security Architect Car IT/ Threat Modelling / Information Security (m/f/x)

@ Mercedes-Benz Tech Innovation | Ulm
View on infosec-jobs.com

Information System Security Officer

@ ManTech | 200AE - 375 E St SW, Washington, DC
View on infosec-jobs.com
View more jobs