April 9, 2024, 4:11 a.m. | Xiaoyan Zhou, Ying Zhang, Wenjia Niu, Jiqiang Liu, Haining Wang, Qiang Li

cs.CR updates on arXiv.org arxiv.org

arXiv:2404.04991v1 Announce Type: new
Abstract: The open-source software (OSS) ecosystem suffers from various security threats and risks, and malicious packages play a central role in software supply chain (SSC) attacks. Although malware research has a history of over thirty years, less attention has been paid to OSS malware. Its existing research has three limitations: a lack of high-quality datasets, malware diversity, and attack campaign context. In this paper, we first build and curate the largest dataset of 23,425 malicious packages …
