Ausnahme gefangen: SSL certificate problem: certificate is not yet valid ๐Ÿ“Œ Three npm Packages Opened Remote-Access Shells on Linux and Windows Systems
Team IT Security Nachrichtenportal Logo

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security
RSS Feed Symbol fรผr Team IT Security 800+ IT News als RSS Feed abonnieren



๐Ÿ“š Three npm Packages Opened Remote-Access Shells on Linux and Windows Systems


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: it.slashdot.org

"Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code," reports ZDNet. "According to advisories from the npm security team, the three JavaScript libraries opened shells on the computers of developers who imported the packages into their projects." The shells, a technical term used by cyber-security researchers, allowed threat actors to connect remotely to the infected computer and execute malicious operations. The npm security team said the shells could work on both Windows and *nix operating systems, such as Linux, FreeBSD, OpenBSD, and others. All three packages were uploaded on the npm portal in May (first) and September 2018 (last two). Each package had hundreds of downloads since being uploaded on the npm portal. The packages names were: plutov-slack-client nodetest199 nodetest1010 "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer," the npm security team said.

Read more of this story at Slashdot.

...



Sharing is caring on Social Media

๐Ÿ”— Reddit
๐Ÿ”— Telegram
๐Ÿ”— LinkedIn
๐Ÿ”— Xing
๐Ÿ”— Twitter
๐Ÿ”— Whatsapp
๐Ÿ”— Facebook
๐Ÿ”— Flipboard

Join the Team IT Security Community

๐Ÿ”— "IT Sicherheit" Reddit-Gruppe
๐Ÿ”— "IT Sicherheit" Telegramm-Seite

๐Ÿ“Œ Malicious npm Packages Opened Shells On Windows and Linux Systems


๐Ÿ“ˆ 71.91 Punkte

๐Ÿ“Œ Three npm packages found opening shells on Linux, Windows systems


๐Ÿ“ˆ 62.23 Punkte

๐Ÿ“Œ Four npm packages found opening shells and collecting info on Linux, Windows systems


๐Ÿ“ˆ 55.13 Punkte

๐Ÿ“Œ 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems


๐Ÿ“ˆ 48.99 Punkte

๐Ÿ“Œ On trusting NPM: Early in the month, Lance R. Vick noticed that the maintainer of the NPM foreach package let their personal email domain expire, so they bought it and now โ€œcontrols foreach on NPM and the 36,826 projects that depend on itโ€.


๐Ÿ“ˆ 40.9 Punkte

๐Ÿ“Œ NPM nukes NodeJS malware opening Windows, Linux reverse shells


๐Ÿ“ˆ 34.45 Punkte

๐Ÿ“Œ pkgsrc-2018Q4 branch announcement: more than 22,500 packages, running on 23 separate platforms (including pre-compiled binary packages for Linux, MacOS and SmartOS, from a single source-code repository and compiled by multiple vendors)


๐Ÿ“ˆ 30.24 Punkte

๐Ÿ“Œ pkgsrc-2018Q4 branch announcement: more than 22,500 packages, running on 23 separate platforms (including pre-compiled binary packages for Linux, MacOS and SmartOS, from a single source-code repository and compiled by multiple vendors)


๐Ÿ“ˆ 30.24 Punkte

๐Ÿ“Œ Announcing the pkgsrc-2019Q1 release: more than 22,000 packages, running on 23 separate platforms (including pre-compiled binary packages for GNU/Linux, macOS and SmartOS, from a single source-code repository and compiled by multiple vendors)


๐Ÿ“ˆ 30.24 Punkte

๐Ÿ“Œ pkgsrc-2019Q3 release announcement: more than 20,000 packages, running on 23 separate platforms (including pre-compiled binary packages for GNU/Linux, macOS and SmartOS, from a single source-code repository and compiled by multiple vendors)


๐Ÿ“ˆ 30.24 Punkte

๐Ÿ“Œ pkgsrc-2020Q3 released: more than 22,000 packages, running on 23 separate platforms (including pre-compiled binary packages for GNU/Linux, macOS and SmartOS, from a single source-code repository and compiled by multiple vendors)


๐Ÿ“ˆ 30.24 Punkte

๐Ÿ“Œ 241 npm and PyPI packages caught dropping Linux cryptominers


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Problems trying to installing mailpile on Ubuntu 20.04.2 LTS. I followed the same steps for installation and it says โ€œsome packages could not be installedโ€. And also another response is โ€œunable to correct problems, you have held broken packagesโ€.


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms


๐Ÿ“ˆ 26.32 Punkte

๐Ÿ“Œ Malicious NPM Packages Snatch Data from Apps and Website Forms, Researchers Say


๐Ÿ“ˆ 26.32 Punkte

๐Ÿ“Œ LofyLife: malicious npm packages steal Discord tokens and bank card data


๐Ÿ“ˆ 26.32 Punkte

๐Ÿ“Œ GitHub Sponsor Sindre Sorhus, awesome lists and npm packages


๐Ÿ“ˆ 26.32 Punkte

๐Ÿ“Œ GitHub Security Lab: codeql-go: Expand Go standard library taint-tracking models to 63 packages, 554 models and 733 tests (from ~13 packages, ~103 models, ~50 tests)


๐Ÿ“ˆ 25.96 Punkte

๐Ÿ“Œ 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems


๐Ÿ“ˆ 25.04 Punkte

๐Ÿ“Œ Medium CVE-2020-7614: Npm-programmatic project Npm-programmatic


๐Ÿ“ˆ 24.88 Punkte

๐Ÿ“Œ NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Erroneous 'Spam' Flag Affected 102 npm Packages


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Four npm packages found uploading user details on a GitHub page


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious npm Packages Published Usersโ€™ Data On GitHub Page


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Two Malicious npm Packages Targeted Users With njRAT Malware


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Discord-Stealing Malware Invades npm Packages


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious NPM packages target Amazon, Slack with new dependency attacks


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Over 1200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious npm packages steal Discord usersโ€™ payment card info


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious npm packages spotted delivering njRAT Trojan


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Open source โ€˜Package Analysisโ€™ tool finds malicious npm, PyPI packages


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious NPM packages used to grab data from apps, websites๏ฟผ


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malware-laced npm packages used to target Discord users


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious Npm Packages Designed to Steal Discord Tokens


๐Ÿ“ˆ 24.53 Punkte

๐Ÿ“Œ Malicious Npm Packages Tapped Again to Target Discord Users


๐Ÿ“ˆ 24.53 Punkte











matomo

Kontakt

24/7 kontakt@tsecurity.de

Weitere Informationen

Google Android Playstore Download Button fรผr Team IT Security
๐Ÿ”— Impressum
๐Ÿ”— Datenschutz
Paypal Spenden fรผr Projekt

Social Media

๐Ÿ”— Facebook
๐Ÿ”— Reddit
๐Ÿ”— Team IT Security als Elektron App
๐Ÿ”— © 2015-2023 Team IT Security Nachrichtenportal รผber Cybersecurity
๐Ÿ”— CMS "myDraft" a PHP Portal Software