WhiteSource report warns of NPM registry risks

The popular NPM registry of JavaScript packages was described as a playground for malicious actors by software scanning services provider WhiteSource Software, which has published a report of its vulnerability analysis of the registry.The WhiteSource research report, released Februay 2, was based on data culled using the WhiteSource Diffend malware detection platform. WhiteSource said it has reported more than 1,300 malicious packages to NPM in the past six months. Malware subsequently removed by NPM was found to be stealing both credentials and cryptocurrency and running botnets, said WhiteSource. The company said that nearly 14% of the malicious packages detected were designed to steal sensitive information such as credentials present in environment variables. While attackers using malicious packages often do not target particular companies or entities, some packages were designed to target certain systems.To read this article in full, please click here

Nov 30, -0001 - 00:00
 0
WhiteSource report warns of NPM registry risks
Techatty All-in-1 Publishing
Techatty All-in-1 Publishing

The popular NPM registry of JavaScript packages was described as a playground for malicious actors by software scanning services provider WhiteSource Software, which has published a report of its vulnerability analysis of the registry.

The WhiteSource research report, released Februay 2, was based on data culled using the WhiteSource Diffend malware detection platform. WhiteSource said it has reported more than 1,300 malicious packages to NPM in the past six months. Malware subsequently removed by NPM was found to be stealing both credentials and cryptocurrency and running botnets, said WhiteSource. The company said that nearly 14% of the malicious packages detected were designed to steal sensitive information such as credentials present in environment variables. While attackers using malicious packages often do not target particular companies or entities, some packages were designed to target certain systems.

To read this article in full, please click here

Techatty Connecting the world of tech differently! Read. Write. Learn. Thrive. Make an informed decision without distractions. We are building tech media and publication networks to connect YOU and everyone to reliable information, opportunities, and resources to achieve greater success.