NPM supply chain attack uses Ethereum blockchain

Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.

The malicious package, dubbed "jest-fet-mock," targets developers with a multi-platform malware employing Ethereum smart contracts for command-and-control (C2) operations. This marks a convergence of blockchain technology with traditional attack vectors—a method not yet observed in NPM packages. 

Attack mechanics and distribution

The...

Linux Foundation Decentralized Trust aims for web3 innovation

The Linux Foundation Decentralized Trust aims to foster collaboration and innovation across the web3 ecosystem of blockchain, ledger, identity, interoperability, and cryptographic technologies.

With over 100 founding members, LF Decentralized Trust claims to be a neutral platform for the collaborative development of technologies powering the transition to a digital-first economy. The organisation builds upon more than eight years of work from across the Linux Foundation,...

Critical OpenSSH vulnerability threatens millions of Linux systems

A severe vulnerability in OpenSSH's server (sshd) has been uncovered by Qualys’ Threat Research Unit (TRU), potentially affecting over 14 million Linux systems worldwide. The flaw, designated as CVE-2024-6387, allows for remote unauthenticated code execution (RCE) with root privileges on glibc-based Linux systems.

This vulnerability, stemming from a signal handler race condition, impacts sshd in its default configuration. Qualys researchers have identified approximately 700,000...

Linux Foundation forms trust for advancing decentralisation

The Linux Foundation has announced plans to establish the Linux Foundation Decentralized Trust (LF Decentralized Trust), a new umbrella organisation aimed at supporting the advancement of decentralised technologies.

Building on the foundation's existing blockchain and digital identity projects, LF Decentralized Trust will encompass the Hyperledger project portfolio and host new open source software, communities, standards, and specifications critical to the shift towards...

Linux community mourns loss of WiFi driver expert

The Linux kernel community is in mourning following the loss of Larry Finger, a longtime and prolific contributor to WiFi drivers. Finger, who began his contributions to the Linux kernel in 2005 and had over 1,500 kernel patches accepted into the mainline Linux kernel, passed away on 21 June 2024.

The news of Finger's passing was shared by his wife in a brief statement on the linux-wireless mailing list: "This is to notify you that Larry Finger, one of your developers, passed away...

Linux Kernel closes in on 10M git objects

Linus Torvalds has announced version 6.8 of the Linux Kernel, inching ever closer to a major milestone in the project's codebase. In his announcement on Sunday, Torvalds noted that the git repository tracking the kernel's development now contains 9.996 million objects.

"This is the last mainline kernel to have less than ten million git objects," Torvalds wrote, though he was quick to add, "Of course, there is absolutely nothing special about it apart from a nice round number. Git...

Asahi Linux announces ‘Fedora Asahi Remix’ for Apple Silicon machines

Asahi Linux, a project dedicated to bringing full Linux support to Apple Silicon machines, has unveiled its highly anticipated flagship distribution: Fedora Asahi Remix.

The announcement was made at the Flock To Fedora event. The distribution has been a monumental undertaking, involving extensive reverse engineering, development, and integration work to support the unique hardware architecture of Apple Silicon on various Linux distributions.

With a focus on offering a polished...

Windows Subsystem for Linux is now delivered via the Microsoft Store

Anyone wanting to use Windows Subsystem for Linux (WSL) should now grab it from the Microsoft Store.

WSL enables Linux binary executables to be run natively on Windows 10, 11, and Server 2019.

The compatibility layer was previously obtained through the ‘Turn Windows Features on or off’ dialogue, which required a machine restart.

By decoupling WSL’s binaries from the Windows image and making it available via the Microsoft Store, Redmond says it will help...

Linus Torvalds: GitHub creates ‘absolutely useless garbage’ merges

Linux and Git creator Linus Torvalds has criticised GitHub for creating “absolutely useless garbage merges”.

Torvalds’ comment can be viewed in an archive of a Linux development mailing list and was directed at Konstantin Komarov, Founder and CEO of Paragon Software, about the submission of its read-write NTFS driver for the upcoming 5.15 kernel.

“github creates absolutely useless garbage merges, and you should never ever use the github interfaces to merge...

Torvalds hopes future Linux 5.13 release candidates will ‘start shrinking’

Linux creator Linus Torvalds has expressed mild concern over the size of kernel 5.13 following its fifth release candidate.

“Hmm,” Torvalds opened his latest State of the Kernel post. “Things haven't really started to calm down very much yet, but rc5 seems to be fairly average in size. I'm hoping things will start shrinking now.”

In April, Torvalds warned that 5.13 would likely be “making up” for the smaller release of 5.12 – a position he maintained...