MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
points
Search

Open source package entry points could be used for command jacking

Monday October 14, 2024. 05:48 PM , from InfoWorld
Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more.

This warning to developers and infosec leaders comes in a report released today by researchers at Checkmarx.

They dub the techniques “command jacking,” because attackers can use entry points to run specific commands impersonating popular third-party tools and system commands. But attackers could also leverage malicious plugins and extensions.
Read more at InfoWorld
https://www.csoonline.com/article/3560931/open-source-package-entry-points-could-be-used-for-command...

Related News

points The open secret of open washing – why companies pretend to be open source TheRegisterOct 25
could San Francisco billboards call out tech firms for not paying for open source TheRegisterOct 25
entry Hugging Face pitches HUGS as an alternative to Nvidia’s NIM for open models InfoWorldOct 25
jacking What is .NET? Microsoft’s answer to Java is now free and open source InfoWorldOct 25
open Google Offers Its AI Watermarking Tech As Free Open Source Toolkit SlashdotOct 24
command Google just open-sourced its AI text detection tool for everyone PC WorldOct 24
used Syncfusion open-sources UI controls for .NET MAUI InfoWorldOct 23
source Two-thirds of leaders feel genAI will reshape entry-level jobs ComputerWorldOct 22
attackers 11 open source AI projects that developers will love InfoWorldOct 21
malicious Open source LLM tool primed to sniff out Python zero-days TheRegisterOct 20
package Winamp source code vanishes from GitHub BetaNewsOct 17
commands Open-sourcing of WinAmp Goes Badly As Owners Delete Entire Repo SlashdotOct 16
points Opening up the WinAmp source to all goes badly as owners delete entire repo TheRegisterOct 16
could 'Open Source Royalty and Mad Kings' SlashdotOct 14
entry Sitina is an open-source full-frame camera BoingBoingOct 14
jacking How do we fund open source? InfoWorldOct 14
open Sony Linkbuds Open Review: Better Battery, Softer Sound Wired: Tech.Oct 11
command Mystery tree grown from 1,000-year-old seed likely source of ancient medicinal balm BoingBoingOct 10
used 'Automattic is Doing Open Source Dirty,' Ruby on Rails Creator Says SlashdotOct 10
source Reforj is a lowpoly take on the Minecraft open-world formula BoingBoingOct 10
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Fri 15 - 23:52 CET