@orenyomtov It's just disabled by default and not actually fixed, right? Along with a lockfile bypass affecting git dependencies for which I submitted fixing PRs 6 months ago.
@bradleymeck 10 years ago NPM claimed they are working with security vendors to scan packages before publishing, but that scanning the entire package would be "prohibitively expensive".
Are there any efforts to implement this type of scanning at the registry level? https://t.co/g45hzUcIgG
🚨 BREAKING: Wiz Research discovered Remote Code Execution on https://t.co/SvN2lGsnbO with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
@sekurlsa_pw @vxunderground Here is the video of ilspy[.]org: https://t.co/qDfpeydr4d
The ilspy[.]net is used by the UpdateService: https://t.co/UicfT7gZgt
Bit confusing - currently the GH-Page redirects to the non-TLS custom domain, which is seemingly served by GitHub again.
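It appears that the ILSpy* website was somehow compromised and started redirecting users to download browser extensions and more... and what's the strange connection to Israel...
I received reports from you several hours ago on the matter, after users who browsed the site ran into a redirect to a third-party site asking them to download a browser extension.
The site supposedly distributing the suspicious extensions is:
https[:]//www.recipioapp[.] com/
And in the Contact Us section there you can see that the domain is togonetworksltd[.]com.
A quick search shows that this is a company named Togo that was also registered in Israel under an address on Begin Road, Tel Aviv.
It seems this domain is somehow connected to another domain: mediaarenaltd[.]com, which has already been flagged in the past as distributing malware and is also listed on Google as a business operating from Herzliya....
For now, the extensions users were directed to are not detected as malicious on VT, but there's no doubt that something here is suspicious and it looks like a malicious campaign.
The ILSpy site went offline for a while in the last few hours, but right now it is back online and this still hasn't been fixed.
In short, a strange story. I assume things will become clearer later.
Attached is a video sent to me by one of the channel's followers.
*ILSpy is an open-source tool for analyzing and reverse engineering .NET files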
https://t.co/8ZIg3sLyTn
@feross @a16z Could Socket prevent similar attacks by scanning packages before publication? It sounds to me like the tech is ready and NPM is either not doing it or uses Copilot: https://t.co/NZysIPvOP7
@akses_0x00 @ZackKorman @SimoKohonen They are already reporting detections to the registry for free - the registry should start paying them imho. The video in this thread shows they've found 321k+ packages with threats, so it seems to be a very effective and cost-efficient approach: https://t.co/urUtk5qGdG
@DanielLockyer @feross Yes, we report malicious packages to npm and all the other open source registries we support. Some of them take down packages almost instantly and others take much longer to respond (sometimes weeks).
@akses_0x00 @ZackKorman @SimoKohonen I'm only interested in detections and pre-publish scans. They are a business, so they could offer it to the registry. Avoiding privacy + supply chain risks by protecting everyone and pre-filtering for open source scanners: https://t.co/NZysIPvOP7
@ZackKorman @SimoKohonen That's too simplistic. They are doing a pretty good job over there imho and the solution to yet-another-dependency would be for the registry to add pre-publish scans and work with security vendors as they promised over 10 years ago: https://t.co/g45hzUcIgG
A bigger issue than collisions is branch shadowing if the resolver isn't implemented properly (like in npm) or the contents are loaded as a tarball (codeload). Copying go.sum behavior after already using it for comparison should have been the obvious choice there.
I get that SHA1 is baked into Git and @github mitigates known collision patterns.
But for Actions locking (GH controlled feature), why anchor trust on commit hashes and SHA-1 at all?
No interoperability constraint here.
https://t.co/lpzXh5TSIH
@adnanthekhan @cyb3rjerry Oh, didn't read the blog properly. After seeing "go.sum" and "locks" I got excited and thought for a second they would perform actual source integrity, but it's just a different place to set the resolved-SHA.
@evilsocket @N3mes1s About 7 hours after I asked them explicitly about this I received a phishing attempt on a mail present in old commits. Maybe a coincidence, but the host later redirected to yet another rick roll and I haven't seen others report "gjthub [.] net" publicly yet.
@adnanthekhan @LiteLLM @AquaSecTeam Have you seen the GHSA for trivy-action from 18.02.? https://t.co/ok8rkIZXMa
Committed as "Merge commit from fork" and didn't actually fix the issue. Am I missing something here?
When they fixed it 2 days later there was no second GHSA, also didn't run zizmor for "trivy" Actions.
@evilsocket @N3mes1s After the hackerbot-claw incident: https://t.co/9oHUKn1O4B
In the current incident thread they didn't clarify yet if the PAT stolen 3 weeks prior was ever revoked.
The malicious docker images were pushed almost 3 days after the third compromise.
Anthropic’s #Claude recently analyzed open source projects and uncovered hundreds of serious vulnerabilities, many that had existed for years.
AI is accelerating vulnerability discovery. Remediation is not keeping up. This is why runtime enforcement matters.
https://t.co/qnRkklFJIy
#AquaSec #RuntimeSecurity
@ramimacisabird @akses_0x00 Signing commits+tags with a separate SSH key had a very low barrier of entry to me and requires a local compromise (even without a password). Using SSH-SK over FIDO2 would be better, but I think signatures don't enforce user presence (yet).
Today is day 3 of Cryspen leaving a critical nonce reuse vulnerability in an HPKE implementation used by both Signal and OpenMLS unpatched, despite there being a pull request with a tested fix: https://t.co/a1PV9MzlFL
npm also does not use integrity for git dependencies, loads them as tarballs and falls back to ssh (with "StrictHostKeyChecking=accept-new" for no reason) even when you typed git+https, all while confusing pinned commits with branches.
🚨 PackageGate - We've discovered 6 zero-days in JavaScript package managers that bypass the defenses everyone adopted after Shai-Hulud. npm is refusing to fix, so we're blowing the whistle:
After Shai-Hulud compromised 700+ packages last November, everyone adopted the same 2 defenses: disable lifecycle scripts and commit lockfiles. We searched for holes in that playbook and found 6 zero-days across npm, pnpm, vlt, and Bun. We're calling this discovery - PackageGate 👇
🛡️ Defense 1 - Disable scripts: Packages can automatically run code when you install them, but the --ignore-scripts flag is supposed to block that.
We found bypasses in npm, pnpm, vlt, and Bun - ranging from config hijacks to git loopholes to file overwrites to blind trust in package names.
🔓 Defense 2 - Lockfiles: Lockfiles guarantee you get the exact same code every time you install.
We found that pnpm and vlt don't verify externally-hosted packages. Attackers can serve clean code during review, then swap in malware later.
✅ pnpm, vlt, and Bun all patched their exploits within weeks.
❌ npm closed our report as "works as expected." We challenged the decision, requested mediation, and reached out directly to their team. No response. This is the last open vulnerability out of the 6.
If your organization depends on npm with --ignore-scripts as your safety net, that net has a hole in it right now. Countless organizations are still vulnerable to a potential Shai Hulud 3.