Java Serialisation - the gift that keeps on taking (Part 3)

By Steve Poole on July 02, 2022 Cybersecurity

7 minute read time

Part 3: a Java serialisation deep dive into gadget chains and denial of service attacks.

Wicked Good Development: Vulnerability Drills - the Intention, Habit, and Impact

By Kadi Grigg on July 01, 2022 Software Supply Chain

27 minute read time

To prepare for the unexpected, check your code and run vulnerability drills to create muscle memory for engineering teams and build better software.

This Week in Malware—Python Cryptominers, 345 Dependency Confusion Packages

By Ax Sharma on July 01, 2022 vulnerabilities

17 minute read time

This week's highlights include a PyPI typosquat that drops a cryptominer and AWS credential stealer, along with an influx of 345 dependency confusion packages caught by Sonatype's automated malware

New and Expanded Free Sonatype Learning Resources

By Cerah Hedrick (they/them) on June 30, 2022 elearning

2 minute read time

Expanded customer education tools are now available, with onboarding for Sonatype tools, ongoing education, and advice.

Smarter policy and advanced component search with Nexus Lifecycle updates

By Chris Good on June 30, 2022 Nexus Lifecycle

5 minute read time

New features improve your software supply chain management tools with flexible controls, intelligent search, and better software project onboarding.

python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

5 minute read time

We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.

Detecting Inclusive Language in My Codebase with Sonatype Lift

By Theresa Mammarella on June 27, 2022 DevZone

3 minute read time

Tutorial for automatically detecting language that is not inclusive in open source projects.

This Week in Malware—show me your secrets!

By Ax Sharma on June 24, 2022 vulnerabilities

3 minute read time

These Python packages not only exfiltrate your secrets (AWS credentials and environment variables) but upload them to a publicly exposed endpoint.

Python packages upload your AWS keys, env vars, secrets to the web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.