all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

Add to bookmarks
Nov. 30, 2022, 1:44 p.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.
npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for

cybersecurity detection find jfrog malicious malicious npm npm researchers supply chain attack vulnerability vulnerability detection

Visit resource

More from thehackernews.com / The Hacker News

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade 9 hours ago | thehackernews.com
analysis called cisco cisco talos +22
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor 10 hours ago | thehackernews.com
auto auto industry automotive automotive industry +17
Recover from Ransomware in 5 Minutes—We will Teach You How! 13 hours ago | thehackernews.com
attack back can cdp +21
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks 13 hours ago | thehackernews.com
analysis android android trojan called +16
How to Conduct Advanced Static Analysis in a Malware Sandbox 13 hours ago | thehackernews.com
advanced analysis can dynamic +17
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide 13 hours ago | thehackernews.com
arrested as-a-service called crackdown +14
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes 18 hours ago | thehackernews.com
access april critical critical vulnerabilities +25
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor 19 hours ago | thehackernews.com
actor ads backdoor campaign +16
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks 1 day, 10 hours ago | thehackernews.com
advanced advanced persistent threat apt apt44 +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Deputy Chief Information Security Officer

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Global Cybersecurity Expert

@ CMA CGM | Mumbai, IN
View on infosec-jobs.com

Senior Security Operations Engineer

@ EarnIn | Mexico
View on infosec-jobs.com

Cyber Technologist (Sales Engineer)

@ Darktrace | London
View on infosec-jobs.com
View more jobs