all InfoSec news
More than 200 cryptomining packages flood npm and PyPI registry
Aug. 19, 2022, 1:22 p.m. | Ax Sharma
Sonatype Blog blog.sonatype.com
Sonatype has spotted 186 malicious packages flooding the npm registry today. These packages infect Linux hosts with cryptominers by downloading a malicious Bash script from the threat actor's server via the Bitly URL shortener service. Our discovery follows another researcher's discovery of 55 PyPI packages from this week, that also pull crypto miners in an identical fashion from the same offending URL.
cryptomining devzone featured flood malware prevention nexus firewall npm pypi registry vulnerabilities
More from blog.sonatype.com / Sonatype Blog
The essential duo of SCA and SBOM management
2 weeks, 6 days ago |
blog.sonatype.com
Automating and maintaining SBOMs
3 weeks, 6 days ago |
blog.sonatype.com
Cyber readiness and SBOMs
1 month, 1 week ago |
blog.sonatype.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Offensive Security Engineer
@ Ivanti | United States, Remote
Senior Security Engineer I
@ Samsara | Remote - US
Senior Principal Information System Security Engineer
@ Chameleon Consulting Group | Herndon, VA
Junior Detections Engineer
@ Kandji | San Francisco
Data Security Engineer/ Architect - Remote United States
@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700