One Article Review

Home - The article:
Source CISCO Talos
Identifier 7295714
Publication date 2022-10-04 08:51:05 (viewed: 2022-10-04 14:07:48)
Title Developer account body snatchers pose risks to the software supply chain
Text By Jaeson Schultz.

Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect, and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain because an attacker who compromises a developer account can conceal malicious code in software packages used by others.

Talos analyzed several of the major software repositories to assess the level of developer account security, focusing specifically on whether developer accounts could be recovered by re-registering expired domain names and triggering password resets. Many software repositories have already begun taking steps to enhance the security of developer accounts. Talos has identified additional areas where the security of developer accounts could be improved, and worked with vulnerable repositories to resolve the issues we found.

Software supply chain attacks, once the exclusive province of sophisticated state-sponsored attackers, have recently been gaining popularity among a broader range of cyber criminals. Attackers everywhere have realized that software supply chain attacks can be very effective and can result in a large number of compromised victims: software supply chain attacks more than tripled in 2021 compared with 2020.

Why are software supply chain attacks so effective? Organizations with solid cyber defenses may be difficult to attack directly. However, these same organizations are likely vulnerable to a software supply chain attack because they still regularly build and run software obtained from vendors they trust. Rather than attacking an entire software repository itself, or finding an unpatched vulnerability in a software package, compromising the software supply chain can be as simple as attacking the accounts of the package developers and maintainers.
Most software repositories track the identities of their software developers using those developers' email addresses. If a cybercriminal somehow gains access to a developer's email account, the attacker can theoretically generate password reset emails at these software repositories a
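The two sides of the account-recovery problem described above, as an added example that is not part of the Talos article or its tooling. The first half does what a researcher (or an attacker) would do: pull maintainer e-mail addresses out of registry metadata, drop free-mail providers that cannot be re-registered, and flag every remaining domain that no longer resolves. The second half is a repository-side guard that I am suggesting here, not a countermeasure the page attributes to Talos: refuse to treat a password reset as routine when the account's e-mail domain was registered more recently than the account last verified that address. The package records and addresses are constructed samples (the npm-style `maintainers` list and PyPI-style `info` block mirror the shape of real registry JSON, but the packages are hypothetical), the resolver is injectable so the scan can be tested offline, and the `events` list follows the RDAP JSON shape (`eventAction`/`eventDate`).

```python
"""Find maintainer e-mail domains that may be up for re-registration, and
guard password resets on the repository side. Example code, not Talos' own."""
import re
import socket
from collections import defaultdict
from datetime import datetime

# Free-mail providers cannot be re-registered by an attacker, so they are out of scope.
PUBLIC_MAIL_PROVIDERS = {
    "gmail.com", "googlemail.com", "outlook.com", "hotmail.com", "live.com",
    "yahoo.com", "icloud.com", "protonmail.com", "proton.me",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample metadata: hypothetical packages and addresses, not real ones.
SAMPLE_PACKAGES = [
    {"name": "widget-pad",
     "maintainers": [{"name": "alice", "email": "alice@example-dev-shop.test"}]},
    {"name": "fastparse-js",
     "maintainers": [{"name": "bob", "email": "bob@gmail.com"},
                     {"name": "carol", "email": "Carol@Lapsed-Startup.invalid"}]},
    {"name": "pyhelper",
     "info": {"author_email": "Dave <dave@lapsed-startup.invalid>",
              "maintainer_email": ""}},
]


def extract_emails(pkg):
    """Return the lower-cased e-mail addresses found in one package record,
    accepting both the npm-style and the PyPI-style layout."""
    blobs = [m.get("email", "") for m in pkg.get("maintainers", [])]
    info = pkg.get("info", {})
    blobs += [info.get("author_email", ""), info.get("maintainer_email", "")]
    return {e.lower() for blob in blobs for e in EMAIL_RE.findall(blob)}


def domain_of(email):
    return email.rsplit("@", 1)[1].lower()


def dns_resolves(domain):
    """Default resolver: True if the name has any A/AAAA record.
    A lookup failure is only a hint: NXDOMAIN does not prove the name is available
    to register (confirm via RDAP/WHOIS), and a parked or dropped-but-held name
    may still resolve. This is the only function that touches the network."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def find_takeover_candidates(packages, resolves=dns_resolves):
    """Map each non-public maintainer domain that fails to resolve to the
    [(package, email), ...] pairs that depend on it."""
    candidates = defaultdict(list)
    checked = {}  # cache: one lookup per domain
    for pkg in packages:
        for email in sorted(extract_emails(pkg)):
            dom = domain_of(email)
            if dom in PUBLIC_MAIL_PROVIDERS:
                continue
            if dom not in checked:
                checked[dom] = resolves(dom)
            if not checked[dom]:
                candidates[dom].append((pkg["name"], email))
    return dict(candidates)


def _iso(ts):
    # RDAP timestamps are ISO 8601 with a trailing "Z"; make them tz-aware.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def reset_is_risky(account_verified_at, domain_events):
    """Repository-side guard (my suggestion, not from the article): a reset is
    risky when the account's mail domain was registered *after* the account last
    verified that address, i.e. the domain changed hands since the developer
    proved control of the mailbox. `domain_events` is an RDAP 'events' list."""
    for ev in domain_events:
        if ev.get("eventAction") == "registration":
            return _iso(ev["eventDate"]) > _iso(account_verified_at)
    return False  # no registration event available: cannot tell, do not block


if __name__ == "__main__":
    # Live scan against real DNS; with the samples above everything is unresolvable
    # by construction (.test/.invalid are reserved TLDs), which is the point of the demo.
    for dom, users in find_takeover_candidates(SAMPLE_PACKAGES).items():
        print(dom, "->", users)
```

A real scan would replace `SAMPLE_PACKAGES` with registry JSON (for example the npm package document or the PyPI `/pypi/<name>/json` endpoint) and treat each flagged domain as a lead to confirm against the registrar, not as a finding in itself. The reset guard is the cheap server-side counterpart: it costs one RDAP lookup per reset request and turns the domain-expiry trick into a visible event that can be escalated to a second factor instead of silently succeeding.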
Sent Yes
Tags Malware Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.