MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
points
Recherche

Open source package entry points could be used for command jacking

lundi 14 octobre 2024, 17:48 , par InfoWorld
Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more.

This warning to developers and infosec leaders comes in a report released today by researchers at Checkmarx.

They dub the techniques “command jacking,” because attackers can use entry points to run specific commands impersonating popular third-party tools and system commands. But attackers could also leverage malicious plugins and extensions.
Lire la suite sur InfoWorld
https://www.csoonline.com/article/3560931/open-source-package-entry-points-could-be-used-for-command...

Voir aussi

points Ces modèles d'IA raisonnent mieux que leurs homologues open source, mais le cerveau humain garde l'avantage ZDNet.fr16 Oct
could 'Open Source Royalty and Mad Kings' Slashdot14 Oct
entry Sitina is an open-source full-frame camera BoingBoing14 Oct
jacking How do we fund open source? InfoWorld14 Oct
open Sony Linkbuds Open Review: Better Battery, Softer Sound Wired: Tech.11 Oct
command Mystery tree grown from 1,000-year-old seed likely source of ancient medicinal balm BoingBoing10 Oct
used 'Automattic is Doing Open Source Dirty,' Ruby on Rails Creator Says Slashdot10 Oct
source Reforj is a lowpoly take on the Minecraft open-world formula BoingBoing10 Oct
attackers Jeux olympiques, NIS2, menace quantique… les points chauds de l'Anssi exposés à Monaco ZDNet.fr10 Oct
malicious Première version de l'IA open source, voyons ce que ça donne ZDNet.fr10 Oct
package DIY Photographer Builds Full-Frame Camera, Open-Sources the Project Slashdot10 Oct
commands Open-Source AI Definition Finally Gets Its First Release Candidate Slashdot10 Oct
points Les réseaux sociaux : une source d’information incontournable ZDNet.fr 9 Oct
could [$] The Open Source Pledge: peer pressure to pay maintainers LWN.net 8 Oct
entry How IT admins should think about a more open Apple ComputerWorld 8 Oct
jacking Fintech OpenBB Aims To Be More Than an 'Open Source Bloomberg Terminal' Slashdot 8 Oct
open Google vows to fight Epic Games court ruling to protect Android’s open platform and user choice BetaNews 8 Oct
command Drasi : le nouveau projet open-source de Microsoft TooLinux 8 Oct
used Google must crack open Android for third-party stores, rules Epic judge OS News 7 Oct
source Google Ordered To Make Sweeping Changes, Open Android App Store To Rivals Slashdot 7 Oct
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mer. 16 oct. - 12:23 CEST