Repeating XZ Utils? Insidious hackers attacked the OpenJS Foundation.

Father
Did cybercriminals manage to carry out their plans?

Security experts recently thwarted an attempted takeover of a project hosted by the OpenJS Foundation; in broad strokes it closely resembles the recent backdoor incident in the XZ Utils compression utility.

On Monday, April 15, the non-profit OpenJS Foundation, which oversees JavaScript projects used by billions of websites, received a series of suspicious emails. The senders demanded an urgent update to one of its popular projects to fix critical vulnerabilities, without giving any details.

Robin Bender Ginn of OpenJS and Omkar Arasaratnam of the Open Source Security Foundation reported that the authors of the emails insisted on being appointed as new maintainers of one of the popular projects (the name was not disclosed), despite having no prior involvement in it.

Experts noted the similarity of these methods to the actions of the attacker known as Jia Tan, to whom we previously devoted a separate article. It was Jia Tan, a persona that may conceal an entire team of experienced attackers, who managed to plant a backdoor in XZ Utils.

Ginn and Arasaratnam stressed that none of the applicants were granted privileged access to the project, because the experts quickly became suspicious.

According to Chris Hughes of Endor Labs, about a quarter of all cybersecurity projects have a single maintainer, and 94% have fewer than ten. He noted that the open source software ecosystem is extremely heterogeneous and vulnerable because of the world's dependence on anonymous, scattered developers.

CISA officials Jack Cable and Aeva Black called for a rethink of how technology is produced with security in mind. They argue that companies that use open source software should contribute to the sustainability of the ecosystem, whether financially or with developer time.

Arasaratnam also reported that the Linux Foundation plans to develop guidelines for project maintainers who may face aggressive attempts to take over a project. He also stressed the importance of supporting maintainers against social engineering and manipulation, which can lead to very serious consequences.