After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:
The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.
[…]
The OpenJS team also recognized a similar suspicious pattern in two other popular JavaScript projects not hosted by its Foundation, and immediately flagged the potential security concerns to respective OpenJS leaders, and the Cybersecurity and Infrastructure Security Agency (CISA) within the United States Department of Homeland Security (DHS).
The article includes a list of suspicious patterns, and another list of security best practices.
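The pattern quoted above (several near-identical requests under different names, overlapping GitHub-associated e-mail addresses, a vague "critical vulnerabilities" claim with no specifics, and little prior involvement) can be written down as a batch triage check. The script below is an added example, not code from the OpenJS Foundation or the article; the request data, names and addresses in it are constructed, and the thresholds are assumptions a project would tune to its own contributor history.

```python
"""Heuristic triage of unsolicited maintainer requests.

Added example (not from the OpenJS/OpenSSF article). It encodes the
suspicious pattern described in the post as checks a maintainer could
run over a batch of requests. All request data below is constructed.
"""
import re
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass(frozen=True)
class MaintainerRequest:
    sender_name: str
    emails: frozenset   # e-mail addresses tied to the sender's GitHub account
    body: str
    prior_commits: int  # commits previously merged from this account


# Constructed sample batch (hypothetical names, .invalid addresses).
REQUESTS = [
    MaintainerRequest("A. Example",
                      frozenset({"a@example.invalid", "shared@example.invalid"}),
                      "Please act now to address any critical vulnerabilities in the project. "
                      "I would like to be added as a maintainer.", 0),
    MaintainerRequest("B. Example",
                      frozenset({"b@example.invalid", "shared@example.invalid"}),
                      "Please act urgently to address any critical vulnerabilities in the project. "
                      "I would like to be added as a maintainer.", 1),
    MaintainerRequest("C. Longtime",
                      frozenset({"c@example.invalid"}),
                      "Fix for the regression in issue #512 is in PR #518; "
                      "happy to keep maintaining the parser.", 87),
]

# A concrete reference: CVE id, issue/PR number, or a source file name.
SPECIFICS = re.compile(r"(CVE-\d{4}-\d+|#\d+|\b[\w/]+\.(?:js|c|py|ts)\b)")


def clusters_by_shared_email(requests):
    """Group request indices whose GitHub-associated e-mails overlap (transitively)."""
    parent = list(range(len(requests)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    owner = {}
    for i, r in enumerate(requests):
        for e in r.emails:
            if e in owner:
                parent[find(i)] = find(owner[e])
            else:
                owner[e] = i
    groups = {}
    for i in range(len(requests)):
        groups.setdefault(find(i), []).append(i)
    return [sorted(g) for g in groups.values()]


def body_similarity(a, b):
    """0..1 similarity of two message bodies, case-insensitive."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def triage(requests, sim_threshold=0.75, min_commits=5):
    """Return {index: [reasons]} for requests matching the suspicious pattern."""
    findings = {i: [] for i in range(len(requests))}
    for group in clusters_by_shared_email(requests):
        if len(group) < 2:
            continue
        names = {requests[i].sender_name for i in group}
        for i in group:
            if len(names) > 1:
                findings[i].append("shared e-mail across different sender names")
            if any(j != i and body_similarity(requests[i].body, requests[j].body) >= sim_threshold
                   for j in group):
                findings[i].append("near-duplicate message body")
    for i, r in enumerate(requests):
        text = r.body.lower()
        if "vulnerabilit" in text and not SPECIFICS.search(r.body):
            findings[i].append("vulnerability claim with no specifics")
        if r.prior_commits < min_commits and "maintainer" in text:
            findings[i].append("maintainer request with little prior involvement")
    return {i: reasons for i, reasons in findings.items() if reasons}


if __name__ == "__main__":
    for idx, reasons in triage(REQUESTS).items():
        print(f"request {idx} ({REQUESTS[idx].sender_name}): " + "; ".join(reasons))
```

Running it flags the two constructed requests that share an address and body while the long-standing contributor with concrete issue and PR references is left alone. The checks are deliberately cheap signals for a human to review, not an automatic verdict; a single hit (a short-tenured contributor mentioning a vulnerability) is normal, and it is the combination within one e-mail cluster that mirrors the pattern the post describes.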