Video walkthrough: Cybertech Tel Aviv 2023
Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, …
Sonatype
A closer look at malicious packages targeting Python developers
In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique …
Sonatype and CyberRes expand collaboration to strengthen application security
Sonatype has expanded strategic partnership with CyberRes to provide organizations with a complete open source and application security solution. Building off of an eight-year …
Consumer behaviors are the root of open source risk
Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found …
Open source projects under attack, with enterprises as the ultimate targets
Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the …
Malicious PyPI packages drop ransomware, fileless malware
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears …
Python packages with malicious code expose secret AWS credentials
Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and …
Infosec products of the month: May 2022
Here’s a look at the most interesting products from the past month, featuring releases from: AuditBoard, BIO-key, Cohesity, Corelight, Data Theorem, Deepfence, ForgeRock, …
Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
New infosec products of the week: May 13, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Cohesity, ForgeRock, iDenfy, Nasuni, Orca Security, SecureAge, and Sonatype. …
Sonatype launches solution to remediate malicious and outdated InnerSource components
Sonatype announced a capability focused on identifying and remediating InnerSource components that contain vulnerable, malicious, or outdated open source dependencies. With …
What you need to look out for when installing packages from public repositories
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages. Malicious packages can harm …