
The Cyber Security News


Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages

May 2, 2022

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that is capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.

Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior, with the goal of bolstering the security of the software supply chain and increasing trust in open-source software.


“The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run?” the OpenSSF said.

“The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously,” the foundation’s Caleb Brown and David A. Wheeler added.

In a test run that lasted a month, the tool identified more than 200 malicious packages uploaded to PyPI and NPM, with a majority of the rogue libraries leveraging dependency confusion and typosquatting attacks.

Google, which is a member of OpenSSF, has also rallied its support behind the Package Analysis project, while emphasizing the need for “vetting packages being published in order to keep users safe.”


The tech giant’s Open Source Security Team, last year, put forth a new framework called Supply chain Levels for Software Artifacts (SLSA) to ensure the integrity of software packages and prevent unauthorized modifications.

The development comes as the open source ecosystem is being increasingly weaponized to target developers with a variety of malware, including cryptocurrency miners and data stealers.



Some parts of this article are sourced from:
thehackernews.com
