Security News

Researchers with Google-owned security shop Mandiant started seeing significant changes to the Gootloader malware package - also known as Gootkit - in November 2022, including using multiple variations of FONELAUNCH, a.NET-based loader, as well as some newly developed payloads and obfuscation techniques. A Gootloader infection starts via a search engine optimization poisoning attack, with a victim who is searching online for business-related documents, such as templates, agreements, or contracts, being lured into going to a website compromised by the criminal gang.

An active malware campaign is targeting the Python Package Index and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. According to Phylum, the rogue packages embed source code that retrieves Golang-based ransomware binary from a remote server depending on the victim's operating system and microarchitecture.

A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Windows includes a security feature called Mark-of-the-Web that flags a file as having been downloaded from the Internet and should be treated with caution as it could be malicious.

The downloaded malicious files contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP's threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500 for home users to receive a decryption tool and recover their files.

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022.

JavaScript is widely used in backend and frontend applications that rely on trust and good user experience, including e-commerce platforms, and consumer-apps. Fuzz testing helps secure these applications against bugs and vulnerabilities that cause downtime and other security issues, such as crashes, DoS and uncaught exceptions.

That's where you aim to review source code for likely coding blunders and security holes without actually running it at all. If someone has copied-and-pasted that buggy code into other software components in your company repository, you might be able to find them with a text search, assuming that the overall structure of the code was retained, and that comments and variable names weren't changed too much.

A years-long campaign by miscreants to insert malicious JavaScript into vulnerable WordPress sites, so that visitors are redirected to scam websites, has been documented by reverse-engineers. "The websites all shared a common issue - malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files," Konov wrote.

In this interview with Help Net Security, Vitaly Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process. What kind of impact do third-party JavaScript libraries and pre-written JavaScript code have on front-end security?

During these assessments a security analyst will determine if the system is susceptible to any known or exploitable vulnerabilities, assign severity levels to them, recommend remediation or mitigation, and prioritize the order in which remediation must occur based on the severity level. The end result of a security assessment should be deep insights into the security gaps of your organization, aligned to both your overall security program and a governance model.