• There's been a huge rise in open-source cyberattacks

    From TechnologyDaily@1337:1/100 to All on Mon Sep 26 14:45:04 2022
    There's been a huge rise in open-source cyberattacks

    Date:
    Mon, 26 Sep 2022 13:28:54 +0000

    Description:
    As businesses turn to open-source, repositories become a great way to smuggle malicious code.

    FULL STORY ======================================================================

    Cybercriminals are capitalizing on the fact that an increasing number of companies rely on open-source code repositories to build out their software solutions, new research has claimed.

    In the last three years, the number of compromised packages, typosquatting attacks on such platforms, and similar cyberattacks, has skyrocketed - according to a new report from software supply chain management service provider, Sonatype.

    By using its repository Firewall, the company identified more than 55,000 newly published malicious packages in the last year alone, and almost 95,000 in the last three years. That brings it up to an average 700% jump in 36 months.

    Automating analysis

    "Almost every modern business relies on open source. Clearly, the use of open source repositories as an entry point for malicious attacks shows no signs of slowing down - making the early detection of both known and unknown security vulnerabilities more important than ever," said Brian Fox, co-founder and CTO of Sonatype.

    Stopping malicious components before they come in the door is a fundamental element of risk prevention and should be a part of every conversation around protecting software supply chains.

    By combining behavioral analysis and automated policy enforcement, the company continuously detects and blocks malicious packages, as well as potentially vulnerable components, it says. Furthermore, it uses AI to evaluate every newly-released open-source software component, to determine if there are any threats. It claims that with the sudden rise in open-source, manual analysis is virtually impossible.

    What's more, it doesn't even matter if the company uses the malicious component in the final product, or not. If it's downloaded on their endpoints, it's already too late, the company says.

    "The volume, frequency, severity, and sophistication of malicious cyberattacks continue to increase. Organizations can't - and shouldn't - avoid the use of open source just to protect themselves," Fox added. "But they can use preventative tools - such as the Sonatype Firewall - to keep developers on track and software supply chains secure."



    ======================================================================
    Link to news story: https://www.techradar.com/news/theres-been-a-huge-rise-in-open-source-cyberattacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)