CyberSecurity updates
Updated: 2024-11-22 17:44:29 Pacific

github.com
Obstracts: Open Source Tool for Threat Intelligence Extraction - 11d

Obstracts is an open-source tool designed to extract threat intelligence from blog posts and other sources. It uses various techniques, including pattern matching and AI-based analysis, to identify and categorize indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs). Obstracts provides a valuable resource for security teams by automating the process of extracting relevant information from blog posts, saving analysts time and effort. The tool also supports contextual relationships between extracted data, enabling a more comprehensive understanding of threats. Obstracts is available on GitHub, allowing security professionals to use, modify, and contribute to its development. This open-source nature encourages collaboration and fosters a continuous improvement of threat intelligence capabilities.

csoonline.com
Command Jacking: New Supply Chain Attack Technique Targets Open Source Package Entry Points - 8d

A new and concerning attack technique has been identified by Checkmarx researchers, leveraging the entry points of open source application packages. This technique, dubbed “command jacking,” exploits the ability of developers to expose specific functions as command line tools. Attackers can create malicious packages with fake entry points, impersonating widely-used third-party tools or system commands like ‘aws’, ‘docker’, ‘npm’, ‘pip’, ‘git’, ‘kubectl’, ‘terraform’, ‘gcloud’, ‘heroku’, or ‘dotnet’. When unsuspecting developers install these packages and run the hijacked commands, malicious code can be executed, potentially leading to data theft, malware installation, and compromise of entire cloud infrastructures.

csoonline.com
Open Source Package Entry Points Vulnerability Allows for Command Jacking Attacks - 4d

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more. This warning to developers and infosec leaders comes from researchers at Checkmarx, who dub the techniques “command jacking.” Attackers can use entry points to run specific commands impersonating popular third-party tools and system commands, but they could also leverage malicious plugins and extensions. This highlights the importance of scrutinizing open source package repositories and ensuring that developers are aware of the potential risks associated with entry point attacks.
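A defensive check for the entry-point impersonation described in the two Checkmarx items above, as an added example (not code from Checkmarx, CSO Online or this site): it lists the `console_scripts` entry points of installed Python distributions and flags any that claim one of the command names listed above. The `EXPECTED_OWNERS` allowlist and the sample package names are assumptions made for illustration.

```python
from importlib import metadata

# Command names the summary above lists as impersonation targets.
WATCHED = {"aws", "docker", "npm", "pip", "git", "kubectl",
           "terraform", "gcloud", "heroku", "dotnet"}
# Assumption: distributions expected to own a watched name; extend per environment.
EXPECTED_OWNERS = {"pip": {"pip"}}


def installed_console_scripts():
    """Yield (distribution, command, target) for each installed console script."""
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") or "<unknown>"
        for ep in dist.entry_points:
            if ep.group == "console_scripts":
                yield name, ep.name, ep.value


def find_shadowing(scripts, watched=WATCHED, expected=EXPECTED_OWNERS):
    """Flag watched commands claimed by an unexpected or by several distributions."""
    owners = {}
    for dist, command, target in scripts:
        if command.lower() in watched:
            owners.setdefault(command.lower(), []).append((dist, target))
    findings = []
    for command, claims in sorted(owners.items()):
        allowed = {d.lower() for d in expected.get(command, set())}
        for dist, target in claims:
            if dist.lower() not in allowed:
                findings.append((command, dist, target, "unexpected owner"))
        names = sorted({dist for dist, _ in claims})
        if len(names) > 1:
            findings.append((command, ",".join(names), "", "multiple owners"))
    return findings


# Constructed sample data; "example-helpers" is a made-up package name.
SAMPLE = [
    ("pip", "pip", "pip._internal.cli.main:main"),
    ("example-helpers", "kubectl", "example_helpers.cli:run"),
    ("example-helpers", "ehelp", "example_helpers.cli:main"),
]

if __name__ == "__main__":
    for finding in find_shadowing(installed_console_scripts()):
        print(finding)
```

Run it inside the virtual environment or interpreter you want to audit; a finding means a package registered a command name you would normally expect to come from a separately installed tool, and is a prompt to inspect that package rather than proof of compromise.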


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.