Tag: sonatype
Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users
The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that masquerade as Strapi CMS plugins but deliver ...
North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project
The threat actor targeted a highly popular open source project with more than 100 million weekly downloads, creating a large "blast radius." ...
Two Malicious npm Packages Aim to Steal Credentials and Other Secrets
Bad actors took over an npm maintainer account and have published two malicious packages designed to steal credentials, API keys, and other secrets from the computers of victims who download them from ...
Securing Open Source Components in a World of Mixed Committer Motivations
Our world runs on software that contains open source components. This places an increased burden on developers, as the primary consumers and deployers of those components, to use code that is fully ...
Sonatype Report Surfaces Scope of Known Vulnerability Challenge
Sonatype this week published a State of the Software Supply Chain Report that found a 633% year-over-year increase in malicious attacks aimed at open source software residing in public repositories. In addition, ...
Sonatype Report Shows Spike in Supply Chain Attacks
Sonatype today released a report that finds there has been a 650% year-over-year increase in supply chain attacks aimed at upstream public repositories. Cybercriminals hope to compromise these repositories by injecting malware ...
Sonatype Acquires MuseDev to Add Code Analysis
Sonatype today revealed it has acquired MuseDev, a provider of a code analysis tool, in addition to updating its Nexus platform for discovering vulnerabilities in software supply chains. Muse analyzes code each ...
DevSecOps Trends to Know For 2021
For DevSecOps leaders, 2021 will be the year of the open source supply chain attack. It’s already starting, in fact. On January 7, security researchers at Sonatype identified three malicious Java components ...
Sonatype Expands its Fully Automated Open Source Security and Governance Solution to Support C/C++, PHP, and Ruby
Nexus Lifecycle now allows users to scan applications for open source software vulnerabilities, automatically enforce open source governance policies, and easily remediate open source risk for 27 different languages and package formats ...
Vista Equity Partners Acquires Majority Interest in DevOps Leader Sonatype
Partnership to Accelerate Global Growth and Innovation for Automating Open Source Governance and Software Supply Chain Hygiene FULTON, MD., Nov. 18, 2019 (GLOBE NEWSWIRE) -- Sonatype, the company that scales DevOps through open ...
Sonatype Delivers Premium Open Source Controls to GitHub Users
New Integrations Deliver Enterprise-Grade Open Source Governance and Dependency Management to Millions of GitHub Developers SAN FRANCISCO – GitHub Universe, Nov. 12, 2019 (GLOBE NEWSWIRE) -- Sonatype, the company that scales DevOps ...
State of the Software Supply Chain: Secure Coding Takes Spotlight
After almost a year of research that involved studying 36,000 open source software projects, 12,000 enterprise development teams and 3.7 million open source releases, we at Sonatype are excited to share the ...