Sonatype Archives - Help Net Security

Sonatype

Sonatype and CyberRes expand collaboration to strengthen application security

October 28, 2022

Sonatype has expanded strategic partnership with CyberRes to provide organizations with a complete open source and application security solution. Building off of an eight-year …

Consumer behaviors are the root of open source risk

October 24, 2022

Sonatype unveiled its eighth annual State of the Software Supply Chain Report which, in addition to a massive surge in open source supply, demand, and malicious attacks, found …

Open source projects under attack, with enterprises as the ultimate targets

September 27, 2022

Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the …

Malicious PyPI packages drop ransomware, fileless malware

August 12, 2022

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears …

Python packages with malicious code expose secret AWS credentials

June 27, 2022

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and …

Infosec products of the month: May 2022

June 1, 2022

Here’s a look at the most interesting products from the past month, featuring releases from: AuditBoard, BIO-key, Cohesity, Corelight, Data Theorem, Deepfence, ForgeRock, …

Hijacking of popular ctx and phpass packages reveals open source security gaps

May 26, 2022

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …

New infosec products of the week: May 13, 2022

May 13, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Cohesity, ForgeRock, iDenfy, Nasuni, Orca Security, SecureAge, and Sonatype. …

Sonatype launches solution to remediate malicious and outdated InnerSource components

May 12, 2022

Sonatype announced a capability focused on identifying and remediating InnerSource components that contain vulnerable, malicious, or outdated open source dependencies. With …

What you need to look out for when installing packages from public repositories

April 5, 2022

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages. Malicious packages can harm …

Spring4Shell: New info and fixes (CVE-2022-22965)

April 1, 2022

In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …

Sonatype exceeds $100 million in annual recurring revenue and names Alex Berry as President

January 28, 2022

Sonatype announced it has joined the ranks of the world’s most successful companies and surpassed $100 million in annual recurring revenue (ARR). The company also announced …

Sonatype

Sonatype and CyberRes expand collaboration to strengthen application security

Consumer behaviors are the root of open source risk

Open source projects under attack, with enterprises as the ultimate targets

Malicious PyPI packages drop ransomware, fileless malware

Python packages with malicious code expose secret AWS credentials

Infosec products of the month: May 2022

Hijacking of popular ctx and phpass packages reveals open source security gaps

New infosec products of the week: May 13, 2022

Sonatype launches solution to remediate malicious and outdated InnerSource components

What you need to look out for when installing packages from public repositories

Spring4Shell: New info and fixes (CVE-2022-22965)

Sonatype exceeds $100 million in annual recurring revenue and names Alex Berry as President

Don't miss

Rackspace Hosted Exchange outage was caused by ransomware

Attackers take over expired domain to deliver web skimming scripts

Google Chrome zero-day exploited in the wild (CVE-2022-4262)

How to get cloud migration right

What’s the Matter with digital trust in smart home devices?