Nouvelle vulnérabilité zero-day critique dans la bibliothèque populaire Log4j | Lire l'article

Informations Nexus Intelligence

Essayer maintenant  
REGARDER LA VIDÉO

Deep dive into Sonatype Security Research

See incredible research performed (24x7x365) by our team.  Learn how open source exploits work.  Get expert guidance on how to remediate risk.
Image of a man holding a chainsaw with smoke around him

New Log4j 1.x CVEs, and critical Chainsaw Vulnerability — What to Do?

By Ax Sharma on January 21, 2022 vulnerabilities

This week Apache disclosed 3 vulnerabilities impacting Log4j 1.x versions.

Lire la suite

npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by their Maintainer—What to do Now?

By Ax Sharma on January 10, 2022 vulnerabilities

In what can only be described as one of the most bizarre events in the history of open source, we find that the massively popular open source libraries, colors.js, and faker.js were sabotaged by

Lire la suite
Image of the word hijacking in scrabble like letters with coding scripts behind it

Researcher Takes Over qr.js via Repo Hijacking. Is the npm Package Safe?

By Ax Sharma on December 31, 2021 vulnerabilities

We can’t end this year without talking about open source package hijacks one more time.

Lire la suite
Stylized drawing of a large reptile

Log4j 2.17.1 fixes another code execution bug, but should you worry?

By Ax Sharma on December 29, 2021 vulnerabilities

Approx reading time: 6 mins

Lire la suite
Image of a column building with the word bank on it

Les failles Log4j sont maintenant utilisées pour diffuser le cheval de Troie bancaire Dridex

By Ax Sharma on December 21, 2021 vulnerabilities

As the log4j vulnerability disclosures come out, and ongoing exploitation in the wild is on, we have been closely monitoring developments and tracking the gap between the disclosures and how fast

Lire la suite

Log4shell en chiffres - Pourquoi CVE-2021-44228 a-t-il mis le feu à Internet ?

By Ilkka Turunen on December 14, 2021 vulnerabilities

On Friday, the news broke about Log4Shell, an easy-to-exploit vulnerability being exploited across the world. We have kept our blog from Friday up to date with the latest news, mitigations and

Lire la suite
Laptop with code showing open source vulnerability exploit

Critical New 0-day Vulnerability in Popular Log4j Library Discovered  with Evidence of Mass Scanning for Affected Applications - Latest updates

By Ilkka Turunen on December 10, 2021 vulnerabilities

News broke early Friday morning of a serious 0-day Remote Code Execution exploit in log4j - CVE-2021-44228- the most popular java logging framework used by Java software far and wide. This type of

Lire la suite
Malware

Tracking the ‘Noblox.js’ npm Malware Campaign

By Juan Aguirre on November 23, 2021 vulnerabilities

A new malicious package, noblox.js-rpc was spotted on the npm registry this month that leverages the same techniques we saw before to steal all sorts of sensitive data like credentials, files, and

Lire la suite

NPM Hijackers at it Again: Popular ‘coa’ and ‘rc’ Open Source Libraries Taken Over to Spread Malware

By Juan Aguirre on November 05, 2021 vulnerabilities

Just last week we saw the popular npm package `ua-parser-js` get hijacked. Malicious actors gained access to the project maintainer’s npm account and published malicious versions that attempted to

Lire la suite
Scary-movie style scene of hand on television screen.

Un faux paquet npm Roblox API installe un ransomware et a une surprise effrayante

By Juan Aguirre on October 27, 2021 vulnerabilities

The world was just coming to terms with the “ua-parser-js” npm library hijacking incident, and Sonatype’s discovery of crypto-mining malware from last week, when we found a bigger, and spookier,

Lire la suite
Disabling an explosive

Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

By Ax Sharma on October 25, 2021 vulnerabilities

Last week, Sonatype reported our discovery of three malicious npm cryptomining packages on npm: klow, klown, and okhsa. These packages, which infiltrated the npm registry between October 12th and

Lire la suite
Image of bitcoin breaking through a dollar bill

Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices

By Sonatype Security Research Team on October 20, 2021 vulnerabilities

Update: Following our disclosure of these malicious packages, the legitimate library "ua-parser-js" used by millions was itself was found to be compromised. We have released a subsequent blog post

Lire la suite
Image of a line of cones with one knocked over

From Feature to Vulnerability: a spring-security-oauth2-client Story

By Juan Aguirre on August 27, 2021 vulnerabilities

Spring Security provides security services for the Spring IO Platform, available on their Github repository. Today we focus on the “oauth2” client, which provides an application with the

Lire la suite
Twitter LinkedIn Facebook YouTube GitHub
Produits
OUTILS GRATUITS
Solutions
Ressources
Portail client
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Copyright © 2008-présent, Sonatype Inc. Tous droits réservés. Inclut les codes de tiers listés ici. Sonatype et Sonatype Nexus sont des marques déposées de Sonatype, Inc. Apache Maven et Maven sont des marques déposées d'Apache Software Foundation. M2Eclipse est une marque déposée d'Eclipse Foundation. Toutes les autres marques déposées sont la propriété de leur détenteur respectif.

Conditions de service    Politique de confidentialité    Event Terms and Conditions   Do Not Sell My Personal Information