#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Package Management | Breaking Cybersecurity News | The Hacker News

Category — Package Management
Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Jul 16, 2024 Open Source / Software Supply Chain
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They contained sophisticated command and control functionality hidden in image files that would be executed during package installation," software supply chain security firm Phylum said in an analysis. The packages are designed to impersonate a legitimate npm library called aws-s3-object-multipart-copy , but come with an altered version of the "index.js" file to execute a JavaScript file ("loadformat.js"). For its part, the JavaScript file is designed to process three images -- that feature the corporate logos for Intel, Microsoft, and AMD -- with the image corres
Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

Feb 14, 2024 Software Security / Vulnerability
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages," cloud security firm Aqua said in a report shared with The Hacker News. Installed by default on Ubuntu systems, command-not-found  suggests  packages to install in interactive bash sessions when attempting to run commands that are not available. The suggestions include both the Advanced Packaging Tool ( APT ) and  snap packages . While the tool uses an internal database ("/var/lib/command-not-found/commands.db") to suggest APT packages, it relies on the " advise-snap " comman
cyber security

Earn a Master's in Cybersecurity Risk Management

websiteGeorgetown UniversityCyber Security
Lead the future of cybersecurity risk management with an online Master's from Georgetown.
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources