John Deere dependency confusion attempt flagged by Sonatype
Source: Security Boulevard (securityboulevard.com)
This week Sonatype identified 17 npm packages, at least 12 of which directly target John Deere's private npm dependencies via dependency confusion, a technique that bug bounty hunters and malicious actors alike keep using against open source packages.
John Deere, or more specifically Deere & Company, is a U.S.-based global producer of agricultural equipment, including machines, tractors, and engines, as well as a provider of financial services.
The discovery was made by Sonatype's automated malware detection …