Explore 3rd party risk, the threat of client-side attacks, the material impact they cause, and discover approaches to mitigating this risk.
The post How to Effectively Manage Shadow Code and Mitigate the Blind Side in Your 3rd Party Risk appeared first…
Tag: JavaScript
Global Security News, North America
New npm flaws let attackers better target packages for account takeover
by Help Net Security •
In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow attackers to target packages for account takeover. Npm is the default package manager…
Global Security News, North America
JavaScript security: The importance of prioritizing the client side
by Help Net Security •
In this interview with Help Net Security, Vitaly Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process. We’re hea…
Malware Indicators (IoCs), Vulnerabilities
Critical Remote Code Execution Vulnerability Found In Parse Server
by Abeerah Hashim •
Researchers have discovered a critical-severity bug in the open-source tool Parse Server. Exploiting this server…
Critical Remote Code Execution Vulnerability Found In Parse Server on Latest Hacking News.
Global Security News, North America
Take a walk on the client side: The importance of front-end JavaScript security assessments
by Help Net Security •
As e-skimming, Magecart, and other types of front-end attacks grow in frequency and severity, businesses are faced with finding ways to protect the front-end (i.e., client side) web applications and websites. JavaScript—which drives core functionality …
Europe, Global Security News, North America
Angular + React: Vulnerability Cheatsheet
by Vickie Li •
The most common vulnerabilities to look out for in Angular and React applications: template injection, XSSI, authentication bypass, and more.
Securing applications is not the easiest thing to do. An application has…
Europe, Global Security News, North America
Node.js Vulnerability Cheatsheet
by Vickie Li •
25 vulnerabilities to look out for in Node.js applications: directory traversal, prototype pollution, XSSI, and more…
Securing applications is not the easiest thing to do. An application has many components: server-side…
Global Security News, North America
How threat actors are using npm to launch attacks
by Help Net Security •
WhiteSource released a threat report based on malicious activity found in npm, the most popular JavaScript package manager used by developers worldwide. The report is based on findings from more than 1,300 malicious npm packages identified in 2021. Jav…
Malware Indicators (IoCs), Vulnerabilities
UK NCSC Rolls Out SME NMAP Scripts To Detect Vulnerabilities
by Abeerah Hashim •
The UK NCSC has recently announced the launch of a dedicated NMAP script collection “Scanning…
Security Vendor News
JavaScript developer destroys own projects in supply chain “lesson”
by Paul Ducklin •
Two popular open source JavaScript packages recently got “hacked” in a symbolic gesture by the original project creator.
Europe, Global Security News, North America
Finding “Attackable” Open Source Vulnerabilities in JavaScript
by The ShiftLeft Team •
Finding attackable open source vulnerabilities in JS applications with an intelligent SCA approach
Open Source Software (OSS) is at the core of today’s information technology. About 80% of companies run their operations on OSS and 96% of applications …
Malware Indicators (IoCs)
New RATDispenser JavaScript Loader Delivers Infostealers To Pilfer Passwords
by Abeerah Hashim •
A new malware loader is active in the wild, targeting users with RATs and infostealers.…
Malware Indicators (IoCs)
HTML Smuggling Attack In The Wild Targeting The Banking Sector
by Abeerah Hashim •
Microsoft has recently shared details about a novel phishing strategy in the wild. Dubbed ‘HTML…
Security Vendor News
Wake up and smell the Javascript – website supply chain puts online retail at risk
by Pamela Weaver •
There are more than 1.8 billion websites online today, and almost 98% of them are powered by JavaScript. There’s a good reason for this: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But what happens when that same functionality becomes a significant vector for cyberattacks? Retail websites […]
Global Security News, North America
Trojan Source bugs may lead to extensive supply-chain attacks on source code
by Zeljka Zorz •
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, allowing for extensive supply-chain attacks. “We have discovered ways of man…
Global Security News, North America
Popular npm package hijacked, modified to deliver cryptominers
by Zeljka Zorz •
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. The malicious versions check whether the device on which they have been inst…
Malware Indicators (IoCs)
JavaScript Obfuscation Now Often Used By Hackers To Hide Malware
by Abeerah Hashim •
Researchers have spotted frequent occurrences of JavaScript obfuscation in regular sites that hackers have also…
Malware Indicators (IoCs)
TruffleHog – Now a Browser Extension That Detects Secret Keys In JavaScript
by Abeerah Hashim •
Researchers have presented a dedicated browser extension, “TruffleHog,” that can help bug bounty hunters. The…
Security Vendor News
Poisoned proxy PACs! The NPM package with a network-wide security hole…
by Paul Ducklin •
3,000,000 downloads a week… if only they’d read the fastidious manual!