Connect with us

Press Release

A well-known npm package deleted files to oppose the situation in Ukraine.

Published

on

A well-known npm package deleted files to oppose the situation in Ukraine.

In opposition to the continuing Russo-Ukrainian War, the creator of the well-known npm package “node-ipc” released corrupted versions of the library this month.

On developers’ computers, newer versions of the “node-ipc” programme started overwriting all files, erasing all data, and creating new text files containing “peace” messages.

Node-ipc is a well-known package used by important libraries like Vue.js CLI, with over a million downloads each week.

Protestware: Open source is affected by the continuing conflict in Ukraine
For users based in Russia and Belarus, specific versions (10.1.1 and 10.1.2) of the enormously popular “node-ipc” package were discovered to include malicious code that would overwrite or destroy arbitrary files on a system. These variations are monitored by CVE-2022-23812.

On March 8th, software engineer Brandon Nozaki Miller, alias RIAEvangelist, published two open source software packages on npm and GitHub called peacenotwar and oneday-test.

The fact that the packages primarily send a “message of peace” on the Desktop of any user who instals them suggests that the creator originally developed them as a way of peaceful protest.

According to RIAEvangelist, “This code serves as a non-destructive illustration of why controlling your node modules is vital.”

It also acts as a peaceful protest against Russia’s aggression, which currently threatens the entire world.

Although also maintained by RIAEvangelist, some npm versions of the well-known “node-ipc” library were seen unleashing a harmful payload to erase all data by overwriting files of users installing the package. This caused havoc.

It’s interesting to note that the malicious code, which was launched by the developer as early as March 7th, would read the system’s external IP address and would only overwrite files to remove data for users residing in Russia and Belarus.

To hide its true intent, the code in “node-ipc,” more notably in file “ssl-geospec.js,” uses base64-encoded strings and obfuscation techniques:

According to a condensed version of the code released by the researchers, the code will effectively delete all data on a machine for users located in Russia or Belarus by replacing all file contents with a heart emoji.

Additionally, because the peacenotwar module is included in “node-ipc” versions 9.2.2, 11.0.0, and those higher than 11.0.0, impacted users noticed “WITH-LOVE-FROM-AMERICA.txt” files appearing on their Desktop with “peace” messages:

Snyk, an open source security company, researchers also observed and investigated the malicious activity:

According to Liran Tal, Director of Developer Advocacy at Snyk, “at this point, a very clear abuse and a catastrophic supply chain security incident will occur for any system on which this npm package will be run, if that matches a geo-location of either Russia or Belarus.”

Users of Vue.js are alarmed by a supply chain attack.
The well-known JavaScript front-end framework “Vue.js” also depends on “node-ipc.” However, prior to this incident, “Vue.js” was configured to collect the most recent minor and patch versions rather than pinning the versions of “node-ipc” dependent to a safe version, as is clear from the caret () symbol: As a result, when several users were surprised, they urgently pleaded with the project’s maintainers to pin the “node-ipc” dependent to a safe version.

In addition, not only Vue.js but other open source projects have been harmed by this sabotage, as noted by BleepingComputer.

Other project maintainers are being cautioned by developers Lukas Mertens and Fedor to make sure they are not using a malicious version of “node-ipc”:

Researchers at Snyk believe that ‘node-ipc’ versions 10.1.1 and 10.1.2, which blatantly harm the system, were removed by npm within 24 hours of being published.

But take note that “node-ipc” versions 11.0.0 and higher are still accessible on npm. Additionally, the peacenotwar module that generates the aforementioned “WITH-LOVE-FROM-AMERICA.txt” files on the desktop is still present in these versions.

As a result, if you used the “node-ipc” library to build your application, be sure to pin the dependency to a secure version, like 9.2.1 (it turns out that 9.2.2 isn’t completely safe either).

Community outraged by incident in open source
This is the second significant act of self-sabotage by an open source developer this year, following the BleepingComputer-first reported “colours” and “fakers” episode from January.
The creator of “colours,” Marak Squires, received conflicting responses from the open source community because of his method of protest, which involved damaging countless apps by inserting infinite loops inside of them.

But the action of RIAEvangelist, who manages over 40 packages on npm, has come under fire for going beyond “peaceful protest” and aggressively placing damaging payloads in a well-known library without informing honest users.

A GitHub user described it as “a massive blow” to the open source community’s collective confidence.

“This behaviour is just unacceptable. War is undoubtedly a dreadful thing, but that doesn’t justify certain actions, such as placing weird files in desktop folders and erasing all files for Russia/Belarus users. You’re a f***, go to hell. You just managed to destroy the open-source community. You feeling better, @RIAEvangelist?” another enquired.

Some criticised the “node-ipc” developer for repeatedly altering and removing earlier comments on the forum in an effort to “clean up” his tracks [1, 2, 3].

“Even while some people may view maintainer RIAEvangelist’s purposeful and risky action as a justified form of protest. How does that affect the maintainer’s standing and involvement in the developer community in the future? “Snyk’s Tal queries.

Before including “node-ipc” in their applications, developers should use caution because there is no guarantee that future versions of this library or any other library made available by RIAEvangelist will be secure.

One method of defending your applications against such supply chain attacks is to pin your dependencies to a trustworthy version.

 

Continue Reading

Press Release

Dramaindo

Published

on

Dramaindo

If you’re looking for Moenime? After that, this is where you can find various sources that provide thorough information.

Nonton Streaming Drama Sub Indo at Dramaindo.moe
Dramaindo.moe is a site where you can stream and download Indonesian dramas in 240p, 360p, 480p, and 720p HD. Tempat Nonton Drama Sub Indo Terlengkap, Dramaindo.moe.

https://163.172.111.222/
Extracurricular Drama in Indonesian – Dramaindo.moe
Extracurricular can be seen online and downloaded in HD in the following resolutions: 240p, 360p, 480p, and 720p. Dramaindo.moe is the only site where you can access Extracurricular complete episodes with subtitles in Indonesian.

https://163.172.111.222/series/extracurricular/
I hope the sources mentioned above give you with information about Dramaindo. If not, you can contact me through the comments.

Continue Reading

Press Release

T-Mobile data leak revealed call logs and phone numbers

Published

on

T-Mobile data leak revealed call logs and phone numbers

T-Mobile has disclosed a data breach that exposed customer proprietary network information (CPNI), which includes phone numbers and call history.

T-Mobile started texting consumers about a “security incident” that revealed the details of their accounts yesterday.

T-Mobile claims that recently, their systems had “malicious, unauthorised access” uncovered by their security staff. T-Mobile hired a cybersecurity company to conduct an investigation, and the results showed that threat actors had gotten access to CPNI, or customer-generated network information, used for telecommunications.

Phone numbers, call history, and the number of lines on an account are among the data compromised in this attack.

“The Federal Communications Commission (FCC) regulations’ definition of customer proprietary network information (CPNI) was accessed. The CPNI that was accessed might have included your phone number, the number of lines you have subscribed to, and, in some cases, call-related data gathered as part of your wireless service’s routine operation “T-Mobile claimed in a notification of a data breach.

According to T-Mobile, the compromised data did not include the names, addresses, email addresses, financial information, credit card information, social security numbers, tax IDs, passwords, or PINs of account holders.

T-Mobile claimed that this hack only affected a “small number of consumers (less than 0.2%)” in a statement to BleepingComputer. There are roughly 200,000 persons who have been impacted by this breach out of T-estimated Mobile’s 100 million customers.

“Less than 0.2% of our clients are now receiving notifications that some account information may have been improperly accessed. Names connected to the account, financial information, credit card details, social security numbers, passwords, PINs, and physical or email addresses were NOT among the data obtained. Phone numbers, the number of lines a user subscribes to, and, in a few rare situations, call-related data gathered as part of routine operation and service, were among the data that may have been accessed “Tells BleepingComputer, T-Mobile.

Anyone who has received a text alert about this incident should be on the watch for any suspicious texts that seem to be from T-Mobile and ask for information or contain links to websites that are not owned by T-Mobile.

Threat actors frequently employ information they have obtained from other targeted phishing and smishing efforts in an effort to obtain sensitive data such login names and passwords.

Prior data breaches at T-Mobile occurred in 2018, 2019 for prepaid customers, and in March 2020, which exposed personal and financial information.

Continue Reading

Press Release

MASSACHUSETTS COURT SUPPORTS A REQUEST FROM THE IRS TO OBTAIN THE RECORDS OF ALL CIRCLE CUSTOMERS WHO HAD $20K+ IN CRYPTO TRANSACTIONS BETWEEN 2016 AND 2020 (ZACK SEWARD/COINDESK)

Published

on

MASSACHUSETTS COURT

Massachusetts court supports a request from the IRS to obtain the records of all Circle customers who had $20K+ in crypto transactions between 2016 and 2020  —  A Massachusetts court is supporting a request from the IRS to obtain the records Circle customers, the Department of Justice said.

Continue Reading

Trending