Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse
June 27, 2023, 8:40 p.m. | Thomas Claburn
The Register - Security www.theregister.com
Failure to match metadata with packaged files is perfect for supply chain attacks
The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.…