all InfoSec news
You Can Run But You Can't Hide: Runtime Protection Against Malicious Package Updates For Node.js. (arXiv:2305.19760v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Maliciously prepared software packages are an extensively leveraged weapon
for software supply chain attacks. The detection of malicious packages is
undoubtedly of high priority and many academic and commercial approaches have
been developed. In the inevitable case of an attack, one needs resilience
against malicious code. To this end, we present a runtime protection for
Node.js that automatically limits a package's capabilities to an established
minimum. The detection of required capabilities as well as their enforcement at
runtime has been …
attack attacks case commercial detection hide high malicious malicious packages node node.js package packages protection resilience run runtime runtime protection software software supply chain software supply chain attacks supply supply chain supply chain attacks updates you can't hide