Tamir Ben Ari, Author at Mend

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

Tom Abai
Tamir Ben Ari
May 31, 2023

Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.

Yandex Data Leak Triggers Malicious Package Publication

Tamir Ben Ari
January 30, 2023

Learn about the risks posed by leaked code and malicious packages at Russian tech giant Yandex.

Mend researchers identify @jayxuz/rely: a new type of malicious code that deletes directories

Malicious Code Deletes Directories If You Do Not Have a License

Tamir Ben Ari
January 10, 2023

Mend researchers identify a new type of malicious code that deletes directories.

A Busy Weekend for npm Attacks, Including ‘cors’ Typosquatting

Tamir Ben Ari
Tom Abai
December 6, 2022

Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: reverse remote shell as part of typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.

Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code

Tamir Ben Ari
August 2, 2022

The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.

Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration

Maria Korlotian
Tamir Ben Ari
June 30, 2022

Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...

Tamir Ben Ari

Latest Content By Tamir