Tech

Backdoor in public repository used new form of attack to target big firms

(credit: Getty Images) A backdoor that researchers found hiding inside open source code targeting four German companies was the work of a professional penetration tester. The tester was checking clients’ resilience against a new class of attacks that exploits public repositories used by millions of software projects worldwide. But it could have been bad. […]

Sabotage: Code added to popular NPM package wiped files in Russia and Belarus

(credit: Getty Images) The developer of a popular open source package has been caught adding malicious code to that package, which wiped files from computers located in the Russian Federation and Belarus, in a protest that has enraged many users and raised concerns about the safety of free and open source software. The application, node. […]

FOSS developer who nuked his apps embraced QAnon theory involving Aaron Swartz

(credit: James Brey / iStockPhoto / Getty Images) The developer who sabotaged two of his own open source code libraries, causing disruptions for thousands of apps that used them, has a colorful past that includes embracing a QAnon theory involving Aaron Swartz, the well-known hacktivist and programmer who died by suicide in 2013. […]

Minecraft and other apps face serious threat from Log4j code execution bug

(credit: Getty Images) A newly discovered vulnerability affecting Java versions of Minecraft makes it possible for miscreants to execute malicious code on servers and end-user devices running the wildly popular game, several websites said on Thursday. And as if a vulnerability of this magnitude in the world’s best-selling game wasn’t serious enough, the breadth […]

Malicious packages sneaked into NPM repository stole Discord tokens

(credit: Getty Images) Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each other. Many of the 17 malicious […]

Malware downloaded from PyPI 41,000 times was surprisingly stealthy

(credit: Getty Images) PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times, in one of the latest reported such incidents threatening the software supply chain. JFrog, a security firm that monitors PyPI and other repositories […]

These parents built a school app. Then the city called the cops

Öppna Skolplattformen hoped to succeed where Skolplattform had failed. (credit: Comstock | Getty Images) Christian Landgren’s patience was running out. Every day the separated father of three was wasting precious time trying to get the City of Stockholm’s official school system, Skolplattform, to work properly. Landgren would dig through endless convoluted menus to […]

Linux Foundation says companies are desperate for open source talent

It probably shouldn’t be considered “surprising” when a Linux certification entity reports that Linux certifications are highly desirable. (credit: Linux Foundation) The Linux Foundation released its 2021 Open Source Jobs Report this month, which aims to inform both sides of the IT hiring process about current trends. The report accurately foreshadows many of […]

Cryptocurrency launchpad hit by $3 million supply chain attack

(credit: Austin Distel) SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi’s newest offering, Minimal Initial SushiSwap Offering (MISO), is […]

Travis CI flaw exposed secrets of thousands of open source projects

(credit: Getty Images) A security flaw in Travis CI potentially exposed secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. However, a vulnerability in the tool made it possible for secure environment […]