searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Help Net Security
Help Net Security
April 14, 2022
Share

New npm flaws let attackers better target packages for account takeover

In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow attackers to target packages for account takeover.

Npm is the default package manager for Node.js, an open-source, crossplatform JavaScript runtime environment. The npm command line client allows users to access the npm Registry, which host a multitude of public and paid-for private packages.

Recently, the npm Registry implemented a 2FA mechanism, and Aqua Security researchers identified two flaws in it, which attackers can use to target npm packages for account takeover attacks.

More about
  • account hijacking
  • Aqua Security
  • cyberattack
  • JavaScript
  • video
Share this

Featured news

  • A bug revealed ChatGPT users’ chat history, personal and billing data
  • Known unknowns: Refining your approach to uncategorized web traffic
  • Prioritizing data security amid workforce disruptions
How to protect online privacy in the age of pixel trackers

Sponsored

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

Security in the cloud with more automation

CISOs struggle with stress and limited resources

How to scale cybersecurity for your business

Don't miss

BEC scammers are after physical goods, the FBI warns

A bug revealed ChatGPT users’ chat history, personal and billing data

Known unknowns: Refining your approach to uncategorized web traffic

Prioritizing data security amid workforce disruptions

CISA releases free tool for detecting malicious activity in Microsoft cloud environments

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us