FlagThis

CyberSecurity updates
Updated: 2024-11-22 13:12:58 Pacfic
csoonline.com
Open Source Package Entry Points Vulnerability Allows for Command Jacking Attacks - 4d
Read more: www.csoonline.com

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more. This warning to developers and infosec leaders comes from researchers at Checkmarx, who dub the techniques “command jacking.” Attackers can use entry points to run specific commands impersonating popular third-party tools and system commands, but they could also leverage malicious plugins and extensions. This highlights the importance of scrutinizing open source package repositories and ensuring that developers are aware of the potential risks associated with entry point attacks.

References:
  • Was ist ein Botnet - Open source package entry points could be used for command jacking: Report - 7d
  • checkmarx.com - This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands - 7d
  • Malware Analysis, News and Indicators - Command-jacking used to launch malicious code on open-source platforms - 7d
  • SCM feed for Security Strategy, Plan, Budget - Command-jacking used to launch malicious code on open-source platforms - 7d
  • Security Risk Advisors - This Checkmarx blog post details the new supply chain attack technique, highlighting its potential for compromising CLI commands. - 5d
  • Cybersecurity News - This article from Security Online highlights the discovery of the “Command-Jacking” attack, explaining its impact on CLI tools and the importance of supply chain security. - 5d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.