this post was submitted on 10 Jul 2025
6 points (100.0% liked)

kristoff 2 points 3 days ago

Concerning this particular article, perhaps the vulnerability here is not the malicious software packages, but the management of these software repos.

Should it be possible to upload a package on a repo with 99% of the same name as one that already exists without some additional checks?