all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

The Hitchhiker's Guide to Malicious Third-Party Dependencies. (arXiv:2307.09087v1 [cs.CR])

Add to bookmarks
July 19, 2023, 1:10 a.m. | Piergiorgio Ladisa, Merve Sahin, Serena Elisa Ponta, Marco Rosa, Matias Martinez, Olivier Barais

cs.CR updates on arXiv.org arxiv.org

The increasing popularity of certain programming languages has spurred the
creation of ecosystem-specific package repositories and package managers. Such
repositories (e.g., NPM, PyPI) serve as public databases that users can query
to retrieve packages for various functionalities, whereas package managers
automatically handle dependency resolution and package installation on the
client side. These mechanisms enhance software modularization and accelerate
implementation. However, they have become a target for malicious actors seeking
to propagate malware on a large scale.


In this work, we …

client databases dependencies dependency ecosystem guide installation languages malicious managers npm package package managers packages party programming public pypi query repositories resolution s guide third third-party

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

EmMixformer: Mix transformer for eye movement recognition 1 day, 3 hours ago | arxiv.org
arxiv attention biometric capture +17
Data Valuation and Detections in Federated Learning 1 day, 3 hours ago | arxiv.org
arxiv challenge clients contribute +16
A Linear Reconstruction Approach for Attribute Inference Attacks against Synthetic Data 1 day, 3 hours ago | arxiv.org
artificial arxiv attacks cs.cr +16
Failing to hash into supersingular isogeny graphs 1 day, 3 hours ago | arxiv.org
arxiv authority computing concrete +11
A Novel RFID Authentication Protocol Based on A Block-Order-Modulus Variable Matrix Encryption Algorithm 1 day, 3 hours ago | arxiv.org
algorithm arxiv authentication block +19
DiffusionShield: A Watermark for Copyright Protection against Generative Diffusion Models 1 day, 3 hours ago | arxiv.org
arxiv copyright copyright protection cs.cr +5
Optimizing Virtual Payment Channel Establishment in the Face of On-Path Adversaries 1 day, 3 hours ago | arxiv.org
adversaries arxiv blockchains channel +13
Reconciling Security and Utility in Next-Generation Epidemic Risk Mitigation Systems 1 day, 3 hours ago | arxiv.org
analysis arxiv collection contact tracing +26
Private Online Community Detection for Censored Block Models 1 day, 3 hours ago | arxiv.org
arxiv block budget change +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Security Research Manager

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

SOC Manager

@ Inbox Business Technologies | Islamabad, Islamabad Capital Territory, Pakistan
View on infosec-jobs.com

Cybersecurity Incident Response Program Manager (Hybrid)

@ UMB Bank | MO - Kansas City - 1010 Grand Blvd
View on infosec-jobs.com

Consultant, Cyber Risk Advisory | Remote US

@ Coalfire | United States
View on infosec-jobs.com

Cybersecurity Bid Manager

@ Alstom | Derby, GB
View on infosec-jobs.com

Cyberspace Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com
View more jobs