4 matches found
Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path
Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...
MAL-2022-4272 Malicious code in ledger-live-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6181eb8571a997bee121a596d871f926f1b02d4e875a57d1a3fc9025338f7a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ledger-live-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6181eb8571a997bee121a596d871f926f1b02d4e875a57d1a3fc9025338f7a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview ledger-live-assets is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...