all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js. (arXiv:2305.19760v1 [cs.CR])

Add to bookmarks
June 1, 2023, 1:10 a.m. | Marc Ohm, Timo Pohl, Felix Boes

cs.CR updates on arXiv.org arxiv.org

Maliciously prepared software packages are an extensively leveraged weapon
for software supply chain attacks. The detection of malicious packages is
undoubtedly of high priority and many academic and commercial approaches have
been developed. In the inevitable case of an attack, one needs resilience
against malicious code. To this end, we present a runtime protection for
Node.js that automatically limits a package's capabilities to an established
minimum. The detection of required capabilities as well as their enforcement at
runtime has been …

attack attacks case commercial detection hide high malicious malicious packages node node.js package packages protection resilience run runtime runtime protection software software supply chain software supply chain attacks supply supply chain supply chain attacks updates you can't hide

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Assessing the Solvency of Virtual Asset Service Providers: Are Current Standards Sufficient? 1 day, 1 hour ago | arxiv.org
arxiv asset business can +22
Label Inference Attacks against Node-level Vertical Federated GNNs 1 day, 1 hour ago | arxiv.org
arxiv attacks cs.cr cs.lg +16
One-shot Empirical Privacy Estimation for Federated Learning 1 day, 1 hour ago | arxiv.org
adversary algorithms arxiv auditing +12
Transferability Ranking of Adversarial Examples 1 day, 1 hour ago | arxiv.org
adversarial arxiv assurance attackers +12
When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems 1 day, 1 hour ago | arxiv.org
artificial artificial intelligence arxiv authentication +12
A survey on hardware-based malware detection approaches 1 day, 1 hour ago | arxiv.org
arxiv computer computer security cs.cr +15
Explainable Ponzi Schemes Detection on Ethereum 1 day, 1 hour ago | arxiv.org
applications arxiv blockchain cs.cr +11
KDk: A Defense Mechanism Against Label Inference Attacks in Vertical Federated Learning 1 day, 1 hour ago | arxiv.org
arxiv attacks cs.cr cs.lg +8
Privacy-Preserving UCB Decision Process Verification via zk-SNARKs 1 day, 1 hour ago | arxiv.org
algorithm application arxiv balance +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Junior Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Associate Director, Operations Compliance and Investigations Management

@ Legend Biotech | Raritan, New Jersey, United States
View on infosec-jobs.com

Analyst, Cyber Operations Engineer

@ BlackRock | SN6-Singapore - 20 Anson Road
View on infosec-jobs.com

Working Student/Intern/Thesis: Hardware based Cybersecurity Training (m/f/d)

@ AVL | Regensburg, DE
View on infosec-jobs.com
View more jobs