Manifest confusion in NPM packages identified by novel tool

A new Python-based tool developed by sysadmin Felix Pankratz can discover manifest confusion issues in NPM packages, a class of inconsistency that could raise the risk of malware distribution, reports BleepingComputer. Threat actors could alter a new package’s manifest data to remove dependencies so that they do not appear in the NPM registry yet are still executed when the package is installed, which may result in cache poisoning, downgrade attacks, and other types of compromise, noted former GitHub and NPM Engineering Manager Darcy Clarke.
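The check at the heart of the issue, as an added illustration rather than Pankratz's tool or any code from the article: the manifest the registry serves for a version is compared with the package.json actually shipped inside the tarball, and any dependencies or install scripts that only the tarball declares are flagged. The package name, version and both manifests are constructed sample data, and the tarball is built in memory so the example runs offline.

```python
import io
import json
import tarfile

# Constructed sample: the manifest the registry claims for example-pkg@1.0.0.
REGISTRY_MANIFEST = {
    "name": "example-pkg",
    "version": "1.0.0",
    "dependencies": {"lodash": "^4.17.21"},
    "scripts": {},
}

# Constructed sample: the package.json inside the tarball, which carries a
# dependency and a postinstall hook that the registry manifest does not show.
TARBALL_PACKAGE_JSON = {
    "name": "example-pkg",
    "version": "1.0.0",
    "dependencies": {"lodash": "^4.17.21", "hidden-dep": "1.2.3"},
    "scripts": {"postinstall": "node setup.js"},
}


def build_tarball(package_json: dict) -> bytes:
    """Build an in-memory .tgz laid out like an npm tarball (package/package.json)."""
    buf = io.BytesIO()
    data = json.dumps(package_json).encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def manifest_from_tarball(tgz: bytes) -> dict:
    """Read package/package.json out of an npm tarball; this is what npm installs."""
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        return json.load(tar.extractfile("package/package.json"))


def find_manifest_confusion(registry: dict, tarball: dict) -> dict:
    """Return every field where the shipped package.json disagrees with the registry."""
    findings = {}
    for field in ("name", "version", "dependencies", "scripts"):
        reg_val, tar_val = registry.get(field), tarball.get(field)
        if reg_val != tar_val:
            findings[field] = {"registry": reg_val, "tarball": tar_val}
    return findings


def hidden_dependencies(registry: dict, tarball: dict) -> set:
    """Dependencies that install from the tarball but are absent from the registry view."""
    return set(tarball.get("dependencies", {})) - set(registry.get("dependencies", {}))
```

For a real package the registry side comes from the registry's packument for that version and the tarball side from its `dist.tarball` download; the comparison itself is unchanged.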

Source: SC Magazine
