CyberSecurity updates
Updated: 2024-11-22 13:12:58 Pacfic

csoonline.com
Command Jacking: New Supply Chain Attack Technique Targets Open Source Package Entry Points - 8d
Read more: www.csoonline.com

A new and concerning attack technique has been identified by Checkmarx researchers, leveraging the entry points of open source application packages. This technique, dubbed “command jacking,” exploits the ability of developers to expose specific functions as command line tools. Attackers can create malicious packages with fake entry points, impersonating widely-used third-party tools or system commands like ‘aws’, ‘docker’, ‘npm’, ‘pip’, ‘git’, ‘kubectl’, ‘terraform’, ‘gcloud’, ‘heroku’, or ‘dotnet’. When unsuspecting developers install these packages and run the hijacked commands, malicious code can be executed, potentially leading to data theft, malware installation, and compromise of entire cloud infrastructures.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.