67 matches found
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services AWS offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm...
@activepieces/piece-amazon-s3 (=0.0.2), @adobe/helix-admin-support (>=2.1.22 <=2.1.23) +471 more potentially affected by unknown CVE via fast-xml-parser (=4.2.4)
fast-xml-parser NPM version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-xml-parser and may be impacted: - @activepieces/piece-amazon-s3 =0.0.2 - @adobe/helix-admin-support =2.1.22, =9.0.39, =2.1.1, =2.1.15, =1.11.158, =1.0.4-0, =1.2.39-...
@aws-amplify/geo (>=2.0.13-push-notification-dryrun.43 <=2.0.35-unstable.15353e0.2), @aws-amplify/interactions (>=5.0.13-push-notification-dryrun.43 <=5.1.1-unstable.15353e0.2) +98 more potentially affected by CVE-2023-34104 via fast-xml-parser (>=4.1.3 <=4.2.3)
fast-xml-parser NPM version =4.1.3, =2.0.13-push-notification-dryrun.43, =5.0.13-push-notification-dryrun.43, =1.0.13-push-notification-dryrun.43, =5.0.13-push-notification-dryrun.43, =5.1.3-push-notification-dryrun.43, =1.1.6-exodus.1, =6.2.44, =9.1.0, =9.1.0, =9.53.0 and more Source cves:...
Malicious Package
Overview amplify-category-api-e2e-core is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious Package
Overview amplify-category-api-dynamodb-simulator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
MAL-2022-976 Malicious code in amplify-category-api-dynamodb-simulator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8891bc9b89c5f04d865d23a8aaaa496f59bde6cca82becce21df120ddd894b9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-977 Malicious code in amplify-category-api-e2e-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12a35d0a8b1a0a8aec5fef2c0e459f6151837f40572441aa6110a0d5686cb858 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amplify-category-api-dynamodb-simulator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8891bc9b89c5f04d865d23a8aaaa496f59bde6cca82becce21df120ddd894b9d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @amplify-components/amplify-table (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70abd4248b1a4ad04804bc31e5980f276eab9b5ce5b09a797225407fba9cfd02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-76 Malicious code in @amplify-components/amplify-table (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 70abd4248b1a4ad04804bc31e5980f276eab9b5ce5b09a797225407fba9cfd02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aws-amplify-unicorntrivia-workshop (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1ed06bee8e811d379842b46440e9174027b9d4ece63560f9ddc88cd44ae0102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1191 Malicious code in aws-amplify-unicorntrivia-workshop (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1ed06bee8e811d379842b46440e9174027b9d4ece63560f9ddc88cd44ae0102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-981 Malicious code in amplify-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c45ca3aa689f3135c4de255dcae8c501fc865a035dd4832c534f21488f8b8ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amplify-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c45ca3aa689f3135c4de255dcae8c501fc865a035dd4832c534f21488f8b8ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amplify-graphiql-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1d3e576fc6b5204dca87f9ac269c183497998d162c90a7dcabf36447fa318ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in my-amplify-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca4e255beea421e747da39e87ae71c9e3ce5cdd5b12d136087b0797a47848e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-979 Malicious code in amplify-e2e-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcac320cdc49f3cae9cdb708f91d0f4e1075c323ddd818e7719f516e44fcc930 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-980 Malicious code in amplify-graphiql-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1d3e576fc6b5204dca87f9ac269c183497998d162c90a7dcabf36447fa318ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amplify-e2e-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcac320cdc49f3cae9cdb708f91d0f4e1075c323ddd818e7719f516e44fcc930 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-734 Malicious code in @ws-amplify/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd6ffd91fd9d98bf9d64e6357578ef8e199bea32dec9443dbb82dbdae7491218 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...