
OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident"


OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.

The foundation published an extensive list of tips for recognizing these kinds of threats and suspicious patterns, along with steps to secure open source projects and critical infrastructure.

In a separate analysis on Ecosyste.ms, Nesbitt estimates a vulnerability's "blast radius" as the CVSS score of a security advisory multiplied by the number of repositories that depend on the affected package. Seen this way, a moderate vulnerability in a very popular library can have a larger impact than a critical CVE in an unpopular one. The experiment highlights how deeply interconnected open source packages and their dependencies are, and how quickly a security incident can propagate through the ecosystem from a single point of failure, affecting numerous projects and applications.
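The following is an added example, not Ecosyste.ms' own code, of the blast-radius calculation described above. The dependency graph and the CVSS scores are constructed for illustration and do not correspond to real packages or advisories. It goes one step beyond the text: besides counting direct dependents, it walks the reverse dependency graph to count transitive dependents, which is what makes a moderate CVE in a deeply nested library outrank a critical one in a leaf package.

```python
from collections import deque

# Constructed sample graph: package -> list of its direct dependencies.
# Not real packages; the shape is chosen so that a low-profile library
# ("compression") sits under a popular one ("web-framework").
DEPENDENCIES = {
    "app-a": ["web-framework", "logger"],
    "app-b": ["web-framework"],
    "app-c": ["web-framework", "image-codec"],
    "app-d": ["logger"],
    "web-framework": ["http-parser", "logger"],
    "http-parser": ["compression"],
    "compression": [],
    "logger": [],
    "image-codec": [],
    "niche-tool": ["image-codec"],
}

# Constructed advisories: package -> hypothetical CVSS base score.
ADVISORIES = {
    "compression": 5.3,   # moderate severity, deep in the stack
    "image-codec": 9.8,   # critical severity, few dependents
}


def reverse_graph(deps):
    """Invert package -> dependencies into package -> direct dependents."""
    rev = {pkg: set() for pkg in deps}
    for pkg, ds in deps.items():
        for d in ds:
            rev.setdefault(d, set()).add(pkg)
    return rev


def transitive_dependents(rev, pkg):
    """BFS over the reverse graph: every package that reaches `pkg`."""
    seen = set()
    queue = deque([pkg])
    while queue:
        cur = queue.popleft()
        for dependent in rev.get(cur, ()):
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return seen


def blast_radius(deps, advisories, transitive=True):
    """CVSS score x number of dependents, per vulnerable package.

    With transitive=False only direct dependents are counted, which is the
    simpler form of the metric; transitive=True counts everything downstream.
    """
    rev = reverse_graph(deps)
    result = {}
    for pkg, cvss in advisories.items():
        if transitive:
            n = len(transitive_dependents(rev, pkg))
        else:
            n = len(rev.get(pkg, ()))
        result[pkg] = {
            "cvss": cvss,
            "dependents": n,
            "blast_radius": round(cvss * n, 1),
        }
    return result


def ranked(deps, advisories, transitive=True):
    """Advisories sorted by blast radius, largest first."""
    scores = blast_radius(deps, advisories, transitive)
    return sorted(scores.items(), key=lambda kv: kv[1]["blast_radius"], reverse=True)


if __name__ == "__main__":
    for label, flag in (("direct dependents", False), ("transitive dependents", True)):
        print(f"--- ranked by {label} ---")
        for pkg, info in ranked(DEPENDENCIES, ADVISORIES, transitive=flag):
            print(f"{pkg:14} cvss={info['cvss']:<4} dependents={info['dependents']:<2} "
                  f"blast_radius={info['blast_radius']}")
```

On this constructed graph the critical `image-codec` advisory wins when only direct dependents are counted (19.6 versus 5.3), but the moderate `compression` advisory wins once transitive dependents are included (26.5 versus 19.6), because three applications reach it through `web-framework` and `http-parser`. Any real use of the metric has to decide which count it means; a package with a single direct dependent can still be a single point of failure for most of the ecosystem.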
