Outer Web | Explore

Explore >> Select a destination

You are here		bartwullems.blogspot.com Understanding Supply-Chain Attacks and OWASP Dependency Check
\|	\|	snyk.io Polyfill supply chain attack embeds malware in JavaScript CDN assets \| Snyk	3.7 parsecs away Travel
\|	\|	On June 25, 2024, the Sansec security research and malware team announced that a popular JavaScript polyfill project had been taken over by a foreign actor identified as a Chinese-originated company.	3.7 parsecs away Travel
\|	\|	tomrenner.com Cull your dependencies \| My place to put things	6.0 parsecs away Travel
\|	\|	Anyone writing code professionally in December 2021 will remember the "fun" of the Log4J vulnerability. For those that weren't - this was a critical security error that allowed attackers to run any code they wanted on your servers. The root cause was a logging library, Log4J, that is used by most projects that are writting in Java. It's usually used to write code something like: log.info("Process completed successfully"); which will then appear in your logs, allowing you to track your application's behaviour. Pretty innocuous stuff.	6.0 parsecs away Travel
\|	\|	hypirion.com A Resilient Git Dependency Algorithm	8.7 parsecs away Travel
\|	\|	What do we do when we can't compare dependency versions?	8.7 parsecs away Travel
\|	\|	securitybrief.in 75% of critical infrastructure sectors faced ransomware attacks, reveals Claroty	15.5 parsecs away Travel
\|		Research by cybersecurity firm Claroty reveals 75% of critical infrastructure sectors experienced ransomware attacks in the past year.	15.5 parsecs away Travel